From e357bf3f4b6e9dd7bb88f9ecdf97b2e3f27ec506 Mon Sep 17 00:00:00 2001 From: Sarah Jamie Lewis Date: Wed, 30 Jan 2019 11:46:22 -0800 Subject: [PATCH] Escaping HTML --- qml/main.qml | 3 ++- qml/overlays/ChatOverlay.qml | 3 ++- qml/utils.js | 10 ++++++++++ 3 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 qml/utils.js diff --git a/qml/main.qml b/qml/main.qml index 98724f9..b8b7b47 100644 --- a/qml/main.qml +++ b/qml/main.qml @@ -9,6 +9,7 @@ import "fonts/Twemoji.js" as T import "overlays" import "panes" import "widgets" +import "utils.js" as Utils Item { id: windowItem @@ -27,7 +28,7 @@ Item { T.twemoji.ext = ".png" T.twemoji.size = "72x72" T.twemoji.className = "\" height=\""+size+"\" width=\""+size - return T.twemoji.parse(text) + return T.twemoji.parse(Utils.htmlEscaped(text)) } function restoreEmoji(text) { // REPLACE TAGS WITH EMOJI diff --git a/qml/overlays/ChatOverlay.qml b/qml/overlays/ChatOverlay.qml index 02e3dfc..ba617c7 100644 --- a/qml/overlays/ChatOverlay.qml +++ b/qml/overlays/ChatOverlay.qml @@ -7,6 +7,7 @@ import QtQuick.Layouts 1.3 import "../widgets" import "../widgets/controls" as Awesome import "../fonts/Twemoji.js" as T +import "../utils.js" as Utils ColumnLayout { Layout.fillWidth: true @@ -46,7 +47,7 @@ ColumnLayout { "_handle": handle, "_from": from, "_displayName": displayName, - "_message": parse(msg.d, 12), + "_message":parse(msg.d, 12), "_image": image, "_mid": mid, "_fromMe": fromMe, diff --git a/qml/utils.js b/qml/utils.js new file mode 100644 index 0000000..e3918ff --- /dev/null +++ b/qml/utils.js @@ -0,0 +1,10 @@ +.pragma library + +function htmlEscaped(str) { + str = str.replace(/&/g, "&"); + str = str.replace(//g, ">"); + str = str.replace(/"/g, """); + str = str.replace(/'/g, "'"); + return str +}
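Review bot: The new `return T.twemoji.parse(Utils.htmlEscaped(text))` line only works because escaping runs before twemoji does, and nothing in the hunk records that; a comment such as `// escape peer text first: twemoji.parse() adds its own <img> markup, which must stay unescaped` would stop a later refactor from reversing the order. The next function, `restoreEmoji`, is commented as replacing tags with emoji, and its body lies outside the hunk. If it converts rendered text back to plain text, it may now also need to decode the entities this change introduces, which is worth checking. The function being changed also starts outside the hunk.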
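Review bot: `Utils` is imported into ChatOverlay.qml, but nothing in the visible hunks for this file uses it; the only other change is whitespace on the `"_message"` line. In that same object, `_displayName`, `_handle` and `_from` are passed through without `parse()` or `Utils.htmlEscaped()`. The delegate that displays them is not shown, but if any of these ends up in a rich-text element, markup supplied by a peer would still be rendered there. Either escape at this point, e.g. `"_displayName": Utils.htmlEscaped(displayName),`, or set the displaying element to plain-text format; if neither is needed, drop the import.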
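Review bot: `htmlEscaped` calls `str.replace` directly, so it throws a TypeError for undefined, null or a number, and after this commit the emoji-parsing function in main.qml passes its argument straight in. A guard at the top, `if (str === undefined || str === null) return ""` followed by `str = String(str)`, keeps one malformed message from breaking rendering. A short header comment should also state that the `&` replacement must stay first, otherwise the entities produced by the later replacements would be escaped a second time. As displayed on this page, the replacement strings look identical to the characters they replace and the `<` pattern is missing. That looks like a rendering artifact, so confirm that the committed file contains the entity forms.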