[epiphany/gnome-40] about-handler: don't attribute-encode title entity

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [epiphany/gnome-40] about-handler: don't attribute-encode title entity
Date: Wed, 15 Dec 2021 21:06:49 +0000 (UTC)

commit 382174dfe81945121e251bfa064358fccdd5bc41
Author: Michael Catanzaro <mcatanzaro redhat com>
Date:   Wed Dec 15 15:04:49 2021 -0600

    about-handler: don't attribute-encode title entity
    
    Let's use only the required encoding here, and not more.

 embed/ephy-about-handler.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
---
diff --git a/embed/ephy-about-handler.c b/embed/ephy-about-handler.c
index 4d591c1c7..2859c741e 100644
--- a/embed/ephy-about-handler.c
+++ b/embed/ephy-about-handler.c
@@ -429,7 +429,8 @@ history_service_query_urls_cb (EphyHistoryService     *history,
     EphyHistoryURL *url = (EphyHistoryURL *)l->data;
     const char *snapshot;
     g_autofree char *thumbnail_style = NULL;
-    g_autofree char *encoded_title = NULL;
+    g_autofree char *entity_encoded_title = NULL;
+    g_autofree char *attribute_encoded_title = NULL;
     g_autofree char *encoded_url = NULL;
 
     snapshot = ephy_snapshot_service_lookup_cached_snapshot_path (snapshot_service, url->url);
@@ -439,7 +440,8 @@ history_service_query_urls_cb (EphyHistoryService     *history,
       ephy_embed_shell_schedule_thumbnail_update (shell, url);
 
     /* Title and URL are controlled by web content and could be malicious. */
-    encoded_title = ephy_encode_for_html_attribute (url->title);
+    entity_encoded_title = ephy_encode_for_html_entity (url->title);
+    attribute_encoded_title = ephy_encode_for_html_attribute (url->title);
     encoded_url = ephy_encode_for_html_attribute (url->url);
     g_string_append_printf (data_str,
                             "<a class=\"overview-item\" title=\"%s\" href=\"%s\">"
@@ -447,8 +449,9 @@ history_service_query_urls_cb (EphyHistoryService     *history,
                             "  <span class=\"overview-thumbnail\"%s></span>"
                             "  <span class=\"overview-title\">%s</span>"
                             "</a>",
-                            encoded_title, encoded_url, _("Remove from overview"),
-                            thumbnail_style ? thumbnail_style : "", encoded_title);
+                            attribute_encoded_title, encoded_url, _("Remove from overview"),
+                            thumbnail_style ? thumbnail_style : "",
+                            entity_encoded_title);
   }
 
   data_str = g_string_append (data_str,

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]