From 2d9bbb26709398a1211312306ce5bee4b639f2a3 Mon Sep 17 00:00:00 2001
From: Gustavo Noronha Silva
Date: Tue, 24 Nov 2009 15:28:59 -0200
Subject: Escape what is put inside tags

We should be careful here, and make sure whatever is put enclosed by tags is correctly encoded. What caused bug #597049 is that what was being liked to looked like a tag, so the browser ignored it, but this is potentially a security vulnerability.

Bug #597049
---
 libempathy-gtk/empathy-theme-adium.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'libempathy-gtk/empathy-theme-adium.c')

diff --git a/libempathy-gtk/empathy-theme-adium.c b/libempathy-gtk/empathy-theme-adium.c
index a702ded6a..2e88ec1dd 100644
--- a/libempathy-gtk/empathy-theme-adium.c
+++ b/libempathy-gtk/empathy-theme-adium.c
@@ -228,12 +228,19 @@ theme_adium_replace_link (const gchar *text,
 {
 	GString *string = user_data;
 	gchar *real_url;
+	gchar *str;
 	/* Append the link inside tag */
 	real_url = empathy_make_absolute_url_len (text, len);
 	g_string_append_printf (string, "", real_url);
-	g_string_append_len (string, text, len);
+
+	/* The thing we are making a link of may contain
+	 * characters which need escaping */
+	str = g_markup_escape_text (text, len);
+	g_string_append (string, str);
+	g_free (str);
+
 	g_string_append (string, "");
 	g_free (real_url);
-- 
cgit v1.2.3
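Review bot: The new code escapes only the visible link text, while `real_url`, which is derived from the same untrusted `text` by `empathy_make_absolute_url_len`, is still written raw into the opening tag by the `g_string_append_printf` call a few lines above the change, so a URL containing a quote or `&` would still break out of the attribute (the tag literals were stripped in this rendering, so the exact format string is not visible here). Escape it the same way before formatting it: `escaped_url = g_markup_escape_text (real_url, -1);`, pass `escaped_url` to `g_string_append_printf` in place of `real_url`, and add `g_free (escaped_url);` alongside the existing `g_free (real_url);`. The two blank-line and comment lines added around `str` are fine as written; consider extending the new comment to name the attribute case too, e.g. `/* Both the link text and the URL placed in the attribute may contain characters which need escaping */`. The enclosing function theme_adium_replace_link starts before this hunk (its signature is the hunk's context) and its return and closing brace lie past the hunk's last visible line.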