/pidgin/main: 3ce33bc98c02: Fix HTML injection bug in GtkIMHtml.

Sa?l Hidalgo saulhidalgo31 at gmail.com
Sun Jan 27 19:31:13 EST 2013


Changeset: 3ce33bc98c027ba50cdadfa5a68b9311020be042
Author:	 Sa?l Hidalgo <saulhidalgo31 at gmail.com>
Date:	 2013-01-27 17:26 -0500
Branch:	 release-2.x.y
URL: http://hg.pidgin.im/pidgin/main/rev/3ce33bc98c02

Description:

Fix HTML injection bug in GtkIMHtml.

Fixes #13189.

diffstat:

 pidgin/gtkimhtml.c |  4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diffs (15 lines):

diff --git a/pidgin/gtkimhtml.c b/pidgin/gtkimhtml.c
--- a/pidgin/gtkimhtml.c
+++ b/pidgin/gtkimhtml.c
@@ -5109,8 +5109,10 @@ static const gchar *tag_to_html_start(Gt
 	} else if (strncmp(name, "LINK ", 5) == 0) {
 		char *tmp = g_object_get_data(G_OBJECT(tag), "link_url");
 		if (tmp) {
-			g_snprintf(buf, sizeof(buf), "<a href=\"%s\">", tmp);
+			gchar *escaped = purple_markup_escape_text(tmp, -1);
+			g_snprintf(buf, sizeof(buf), "<a href=\"%s\">", escaped);
 			buf[sizeof(buf)-1] = '\0';
+			g_free(escaped);
 			return buf;
 		} else {
 			return "";
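Review bot: The escaped URL is still formatted into the fixed-size `buf` on the `g_snprintf` line, and escaping lengthens the string (each `&` becomes `&amp;`), so a long `link_url` can be cut off inside an entity or before the closing `">`, leaving an unterminated attribute in the returned HTML. `buf` is declared outside the hunk, so its size is not visible here, and the body of `tag_to_html_start` continues past both edges. Checking the return value would make the overflow explicit, for example `if ((gsize)g_snprintf(buf, sizeof(buf), "<a href=\"%s\">", escaped) >= sizeof(buf))` followed by whatever fallback the other branches use. `g_snprintf` already NUL-terminates its output, so `buf[sizeof(buf)-1] = '\0';` is redundant. A short comment such as `/* link_url may come from message content; escape it before placing it in an attribute */` would record why the escape is there.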


