rnhmjoj
/
nheko
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #722 from Thulinma/noHtmlFixes 

Fix two more HTML injection attacks.
This commit is contained in:
DeepBlueV7.X 2021-09-11 22:19:44 +00:00 committed by GitHub
parent 7bb1b1c650 45b5629fe4
commit e88ab89c18
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/RoomsModel.cpp
View File

@ -77,7 +77,7 @@ RoomsModel::data(const QModelIndex &index, int role) const
return QString::fromStdString( return QString::fromStdString(
roomInfos.at(roomids[index.row()]).avatar_url); roomInfos.at(roomids[index.row()]).avatar_url);
case Roles::RoomID: case Roles::RoomID:
return roomids[index.row()]; return roomids[index.row()].toHtmlEscaped();
} }
} }
return {}; return {};

4
src/timeline/Reaction.h
View File

@ -16,8 +16,8 @@ struct Reaction
Q_PROPERTY(int count READ count) Q_PROPERTY(int count READ count)
public: public:
QString key() const { return key_; } QString key() const { return key_.toHtmlEscaped(); }
QString users() const { return users_; } QString users() const { return users_.toHtmlEscaped(); }
QString selfReactedEvent() const { return selfReactedEvent_; } QString selfReactedEvent() const { return selfReactedEvent_; }
int count() const { return count_; } int count() const { return count_; }