mirror of https://invent.kde.org/network/falkon.git synced 2024-12-24 04:36:34 +01:00

Fix not escaping characters for HTML directory listings

file: scheme handler is not currently used, this commit is
mainly to close the pull request.

Patch by philippwiesemann

Closes #1712
David Rosca 2015-10-15 17:58:38 +02:00
parent cefe1bce54
commit b817c19081


@ -170,7 +170,7 @@ QString FileSchemeReply::loadDirectory()
QString page = sPage;
QString title = request().url().toLocalFile();
title.replace(QLatin1Char('/'), QDir::separator());
page.replace(QLatin1String("%TITLE%"), tr("Index for %1").arg(title));
page.replace(QLatin1String("%TITLE%"), tr("Index for %1").arg(title.toHtmlEscaped()));
page.replace(QLatin1String("%CLICKABLE-TITLE%"), tr("Index for %1").arg(clickableSections(title)));
QString upDirDisplay = QLatin1String("none");
@ -203,7 +203,7 @@ QString FileSchemeReply::loadDirectory()
line += QLatin1String("<a href=\"");
line += QUrl::fromLocalFile(info.absoluteFilePath()).toEncoded();
line += QLatin1String("\">");
line += info.fileName();
line += info.fileName().toHtmlEscaped();
line += QLatin1String("</a></td><td class=\"td-size\">");
line += info.isDir() ? QString() : QzTools::fileSizeToString(info.size());
line += QLatin1String("</td><td>");
@ -245,7 +245,7 @@ QString FileSchemeReply::clickableSections(const QString &path)
#ifndef Q_OS_WIN
localFile.prepend(dirSeparator);
#endif
title += QString("<a href=\"%1\">%2</a>%3").arg(QUrl::fromLocalFile(localFile).toEncoded(), sections.at(i), dirSeparator);
title += QString("<a href=\"%1\">%2</a>%3").arg(QUrl::fromLocalFile(localFile).toEncoded(), sections.at(i).toHtmlEscaped(), dirSeparator);
}
return title;
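Review bot: The href values are still written into the markup without HTML escaping: in the second and third hunks the result of `QUrl::fromLocalFile(...).toEncoded()` goes straight between the double quotes, and only the link text gets `toHtmlEscaped()`. As far as I know, toEncoded() percent-encodes `"`, `<` and `>` but leaves `&` as it is, so a file name containing an entity-like sequence such as `&lt;` would be decoded by the HTML parser and the link would point at a different path than the one displayed. I would wrap the attribute value as well, for example `line += QString::fromUtf8(QUrl::fromLocalFile(info.absoluteFilePath()).toEncoded()).toHtmlEscaped();`, and do the same for the first argument of the `.arg(...)` call in clickableSections. Both loadDirectory and clickableSections start and end outside the hunks shown, so any other placeholder filled from file-system names there should be checked in the same way.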