authorMikolaj Boc <mikolaj.boc@qt.io>2022-06-13 15:27:14 +0200
committerMikolaj Boc <mikolaj.boc@qt.io>2022-06-14 09:58:31 +0200
commit4698862b763c2ab1ef14335e6cf8f15b375441b3 (patch)
tree935b1e4f7263ca2db16b0a318abd9ba8761047e1 /src
parenteb733a078b728e56bbfef7ab395a5de645aa2dd4 (diff)
downloadqtsvg-4698862b763c2ab1ef14335e6cf8f15b375441b3.tar.gz
Escape the values of title and description in the svg generator
The values for title and description are not escaped. This leads to the generation of incorrectly structured SVG documents if meaningful characters are added in the title (<, >, ', " for example). Fixes: QTBUG-104203 Change-Id: I26bc5cf31c0178352774f9c1e6f57697a671d507 Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Diffstat (limited to 'src')
-rw-r--r--src/svg/qsvggenerator.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/svg/qsvggenerator.cpp b/src/svg/qsvggenerator.cpp
index 1e3f55c..f641912 100644
--- a/src/svg/qsvggenerator.cpp
+++ b/src/svg/qsvggenerator.cpp
@@ -859,11 +859,11 @@ bool QSvgPaintEngine::begin(QPaintDevice *)
" version=\"1.2\" baseProfile=\"tiny\">" << Qt::endl;
if (!d->attributes.document_title.isEmpty()) {
- *d->stream << "<title>" << d->attributes.document_title << "</title>" << Qt::endl;
+ *d->stream << "<title>" << d->attributes.document_title.toHtmlEscaped() << "</title>" << Qt::endl;
}
if (!d->attributes.document_description.isEmpty()) {
- *d->stream << "<desc>" << d->attributes.document_description << "</desc>" << Qt::endl;
+ *d->stream << "<desc>" << d->attributes.document_description.toHtmlEscaped() << "</desc>" << Qt::endl;
}
d->stream->setString(&d->defs);
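Review bot: On the two new `<title>` and `<desc>` lines, `toHtmlEscaped()` replaces only `<`, `>`, `&` and `"`, so characters that XML 1.0 forbids outright (most C0 control characters such as U+0001) still pass through and can leave the generated SVG ill-formed. If title and description can come from untrusted input, consider stripping or rejecting those characters before writing. At minimum, document the limit above the first write, e.g. `// Escaped for element content only; characters invalid in XML 1.0 are not filtered.` The single quote named in the commit message is also left unescaped, which is harmless in element content but would matter if these values were ever written into a single-quoted attribute. `QSvgPaintEngine::begin` starts and ends outside this hunk, so whether other user-supplied strings are written unescaped elsewhere in it cannot be judged from here.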