mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-09-17 08:17:30 +03:00
LibWeb: Fix HTML injection on FrameLoader error page
Small regression introduced by 3857148
, we still have to escape HTML
entities.
This commit is contained in:
parent
696f23d7a0
commit
024fd9b957
Notes:
sideshowbarker
2024-07-18 19:15:04 +09:00
@ -229,8 +229,8 @@ void FrameLoader::load_error_page(const URL& failed_url, const String& error)
|
||||
VERIFY(!data.is_null());
|
||||
StringBuilder builder;
|
||||
SourceGenerator generator { builder };
|
||||
generator.set("failed_url", failed_url.to_string());
|
||||
generator.set("error", error);
|
||||
generator.set("failed_url", escape_html_entities(failed_url.to_string()));
|
||||
generator.set("error", escape_html_entities(error));
|
||||
generator.append(data);
|
||||
auto document = HTML::parse_html_document(generator.as_string_view(), failed_url, "utf-8");
|
||||
VERIFY(document);
|
||||
|
Loading…
Reference in New Issue
Block a user