[epiphany/gnome-3-38] pdf-handler: properly encode filename before inserting to HTML

[Michael Catanzaro <mcatanzaro src gnome org>]

commit 41d78e8e74da25c5f70dd0d76938f2ad548a333b
Author: Michael Catanzaro <mcatanzaro redhat com>
Date:   Tue Dec 14 16:46:07 2021 -0600

    pdf-handler: properly encode filename before inserting to HTML
    
    The file's name is suggested by the server, and could be malicious. We
    don't want it to be able to escape the HTML attribute context.
    
    The file data should already be safe because it is base-64 encoded. Here
    I'm just adjusting the code style to match what I've done for the
    filename.
    
    Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045>

 embed/ephy-pdf-handler.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
---
diff --git a/embed/ephy-pdf-handler.c b/embed/ephy-pdf-handler.c
index 871d2487a..37df910ba 100644
--- a/embed/ephy-pdf-handler.c
+++ b/embed/ephy-pdf-handler.c
@@ -23,6 +23,7 @@
 
 #include "ephy-embed-container.h"
 #include "ephy-embed-shell.h"
+#include "ephy-output-encoding.h"
 #include "ephy-web-view.h"
 
 #include <gio/gio.h>
@@ -124,8 +125,9 @@ pdf_file_loaded (GObject      *source,
   GBytes *html_file;
   g_autoptr (GError) error = NULL;
   g_autoptr (GString) html = NULL;
-  g_autofree gchar *b64 = NULL;
   g_autofree char *file_data = NULL;
+  g_autofree char *encoded_file_data = NULL;
+  g_autofree char *encoded_filename = NULL;
   gsize len = 0;
 
   if (!g_file_load_contents_finish (G_FILE (source), res, &file_data, &len, NULL, &error)) {
@@ -134,13 +136,13 @@ pdf_file_loaded (GObject      *source,
     return;
   }
 
-  html_file = g_resources_lookup_data ("/org/gnome/epiphany/pdfjs/web/viewer.html", 0, NULL);
-
-  b64 = g_base64_encode ((const guchar *)file_data, len);
   g_file_delete_async (G_FILE (source), G_PRIORITY_DEFAULT, NULL, pdf_file_deleted, NULL);
 
-  html = g_string_new ("");
-  g_string_printf (html, g_bytes_get_data (html_file, NULL), b64, self->file_name ? self->file_name : "");
+  html = g_string_new (NULL);
+  html_file = g_resources_lookup_data ("/org/gnome/epiphany/pdfjs/web/viewer.html", 0, NULL);
+  encoded_file_data = g_base64_encode ((const guchar *)file_data, len);
+  encoded_filename = self->file_name ? ephy_encode_for_html_attribute (self->file_name) : g_strdup ("");
+  g_string_printf (html, g_bytes_get_data (html_file, NULL), encoded_file_data, encoded_filename);
 
   finish_uri_scheme_request (self, g_strdup (html->str), NULL);
 }