IRCClient: Escape HTML entities in nicknames, too, just in case

Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/d6f9349f15d
2024-09-11 05:25:32 +03:00 · 2019-11-07 18:09:52 +01:00 · 2019-11-07 18:09:52 +01:00 · d6f9349f15 · 2024-07-19 11:20:20 +09:00
commit d6f9349f15
parent 68e23bca3f
1 changed files with 2 additions and 2 deletions
--- a/Applications/IRCClient/IRCLogBuffer.cpp
+++ b/Applications/IRCClient/IRCLogBuffer.cpp
@ -44,7 +44,7 @@ static String timestamp_string()

 void IRCLogBuffer::add_message(char prefix, const String& name, const String& text, Color color)
 {
-    auto nick_string = String::format("&lt;%c%s&gt; ", prefix ? prefix : ' ', name.characters());
+    auto nick_string = String::format("<%c%s> ", prefix ? prefix : ' ', name.characters());
    auto html = String::format(
        "<div style=\"color: %s\">"
        "<span>%s</span>"
@ -53,7 +53,7 @@ void IRCLogBuffer::add_message(char prefix, const String& name, const String& te
        "</div>",
        color.to_string().characters(),
        timestamp_string().characters(),
-        nick_string.characters(),
+        escape_html_entities(nick_string).characters(),
        escape_html_entities(text).characters());
    auto fragment = parse_html_fragment(*m_document, html);
    m_container_element->append_child(fragment->remove_child(*fragment->first_child()));