diff options
author | Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk> | 2009-11-25 01:28:59 +0800 |
---|---|---|
committer | Xavier Claessens <xclaesse@gmail.com> | 2009-11-25 07:21:15 +0800 |
commit | 2d9bbb26709398a1211312306ce5bee4b639f2a3 (patch) | |
tree | bc8f3d38e321c43e17a3a08e9384359f32945de8 /libempathy-gtk | |
parent | b253440c84091dd88e619171330e895507abe40d (diff) | |
download | gsoc2013-empathy-2d9bbb26709398a1211312306ce5bee4b639f2a3.tar gsoc2013-empathy-2d9bbb26709398a1211312306ce5bee4b639f2a3.tar.gz gsoc2013-empathy-2d9bbb26709398a1211312306ce5bee4b639f2a3.tar.bz2 gsoc2013-empathy-2d9bbb26709398a1211312306ce5bee4b639f2a3.tar.lz gsoc2013-empathy-2d9bbb26709398a1211312306ce5bee4b639f2a3.tar.xz gsoc2013-empathy-2d9bbb26709398a1211312306ce5bee4b639f2a3.tar.zst gsoc2013-empathy-2d9bbb26709398a1211312306ce5bee4b639f2a3.zip |
Escape what is put inside <a> tags
We should be careful here, and make sure whatever is put enclosed by
<a> tags is correctly encoded. What caused bug #597049 is that what
was being liked to looked like a tag, so the browser ignored it, but
this is potentially a security vulnerability.
Bug #597049
Diffstat (limited to 'libempathy-gtk')
-rw-r--r-- | libempathy-gtk/empathy-theme-adium.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/libempathy-gtk/empathy-theme-adium.c b/libempathy-gtk/empathy-theme-adium.c index a702ded6a..2e88ec1dd 100644 --- a/libempathy-gtk/empathy-theme-adium.c +++ b/libempathy-gtk/empathy-theme-adium.c @@ -228,12 +228,19 @@ theme_adium_replace_link (const gchar *text, { GString *string = user_data; gchar *real_url; + gchar *str; /* Append the link inside <a href=""></a> tag */ real_url = empathy_make_absolute_url_len (text, len); g_string_append_printf (string, "<a href=\"%s\">", real_url); - g_string_append_len (string, text, len); + + /* The thing we are making a link of may contain + * characters which need escaping */ + str = g_markup_escape_text (text, len); + g_string_append (string, str); + g_free (str); + g_string_append (string, "</a>"); g_free (real_url); |