author | Mikolaj Boc <mikolaj.boc@qt.io> | 2022-06-13 15:27:14 +0200 |
---|---|---|
committer | Mikolaj Boc <mikolaj.boc@qt.io> | 2022-06-14 09:58:31 +0200 |
commit | 4698862b763c2ab1ef14335e6cf8f15b375441b3 (patch) | |
tree | 935b1e4f7263ca2db16b0a318abd9ba8761047e1 /src | |
parent | eb733a078b728e56bbfef7ab395a5de645aa2dd4 (diff) | |
download | qtsvg-4698862b763c2ab1ef14335e6cf8f15b375441b3.tar.gz |
Escape the values of title and description in the svg generator
The values for title and description are not escaped. This leads to
the generation of incorrectly structured SVG documents if meaningful
characters are added in the title (<, >, ', " for example).
Fixes: QTBUG-104203
Change-Id: I26bc5cf31c0178352774f9c1e6f57697a671d507
Reviewed-by: Tor Arne Vestbø <tor.arne.vestbo@qt.io>
Diffstat (limited to 'src')
-rw-r--r-- | src/svg/qsvggenerator.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/svg/qsvggenerator.cpp b/src/svg/qsvggenerator.cpp index 1e3f55c..f641912 100644 --- a/src/svg/qsvggenerator.cpp +++ b/src/svg/qsvggenerator.cpp @@ -859,11 +859,11 @@ bool QSvgPaintEngine::begin(QPaintDevice *) " version=\"1.2\" baseProfile=\"tiny\">" << Qt::endl; if (!d->attributes.document_title.isEmpty()) { - *d->stream << "<title>" << d->attributes.document_title << "</title>" << Qt::endl; + *d->stream << "<title>" << d->attributes.document_title.toHtmlEscaped() << "</title>" << Qt::endl; } if (!d->attributes.document_description.isEmpty()) { - *d->stream << "<desc>" << d->attributes.document_description << "</desc>" << Qt::endl; + *d->stream << "<desc>" << d->attributes.document_description.toHtmlEscaped() << "</desc>" << Qt::endl; } d->stream->setString(&d->defs); |
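Review bot: On the two `+` lines in `QSvgPaintEngine::begin()`, `toHtmlEscaped()` is an HTML helper, and what it covers is narrower than what the commit message implies. It replaces `<`, `>`, `&` and `"`, which is sufficient to keep text inside `<title>` and `<desc>` from being parsed as markup, but it leaves `'` untouched (harmless in element content, yet the commit message lists it among the problem characters) and it passes through control characters that XML 1.0 does not allow, so a title or description containing one would still yield an SVG file that strict parsers reject. Suggest either a short comment above these lines stating that HTML escaping is used deliberately because the values are written only as element content, or filtering characters that are not valid in XML before writing them. If these strings are ever emitted as attribute values elsewhere in the generator, the same escaping should be checked against the quote style used there.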