-rw-r--r-- | src/svg/qsvggenerator.cpp | 4 | ||||
-rw-r--r-- | tests/auto/qsvggenerator/tst_qsvggenerator.cpp | 62 |
2 files changed, 64 insertions, 2 deletions
diff --git a/src/svg/qsvggenerator.cpp b/src/svg/qsvggenerator.cpp
index 1e3f55c..f641912 100644
--- a/src/svg/qsvggenerator.cpp
+++ b/src/svg/qsvggenerator.cpp
@@ -859,11 +859,11 @@ bool QSvgPaintEngine::begin(QPaintDevice *)
 " version=\"1.2\" baseProfile=\"tiny\">" << Qt::endl;
 if (!d->attributes.document_title.isEmpty()) {
- *d->stream << "<title>" << d->attributes.document_title << "</title>" << Qt::endl;
+ *d->stream << "<title>" << d->attributes.document_title.toHtmlEscaped() << "</title>" << Qt::endl;
 }
 if (!d->attributes.document_description.isEmpty()) {
- *d->stream << "<desc>" << d->attributes.document_description << "</desc>" << Qt::endl;
+ *d->stream << "<desc>" << d->attributes.document_description.toHtmlEscaped() << "</desc>" << Qt::endl;
 }
 d->stream->setString(&d->defs);
diff --git a/tests/auto/qsvggenerator/tst_qsvggenerator.cpp b/tests/auto/qsvggenerator/tst_qsvggenerator.cpp
index 0a282a6..d835e4b 100644
--- a/tests/auto/qsvggenerator/tst_qsvggenerator.cpp
+++ b/tests/auto/qsvggenerator/tst_qsvggenerator.cpp
@@ -25,6 +25,8 @@ public:
 private slots:
 void construction();
 void fileName();
+ void escapesTitle();
+ void escapesDescription();
 void outputDevice();
 void sizeAndViewBox();
 void metric();
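Review bot: The two added toHtmlEscaped() calls close the markup-injection path for title and description, but toHtmlEscaped() only replaces `<`, `>`, `&` and `"`; characters that are not permitted in XML 1.0 text (most C0 control characters, presumably reachable through setTitle()/setDescription()) would still pass through and leave the generated document ill-formed, so either state that limit in the setter documentation or filter them here. A short why-comment above the title line, such as `// Title/description are caller-supplied text: escape so they cannot inject elements or break the document`, would record the reason for the change for the next reader. The blank context lines of this hunk appear to have been lost in rendering, and QSvgPaintEngine::begin starts and ends outside the hunk.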
@@ -119,6 +121,66 @@ void tst_QSvgGenerator::fileName()
 checkFile(fileName);
 }
+void tst_QSvgGenerator::escapesTitle()
+{
+ QByteArray byteArray;
+ QBuffer buffer(&byteArray);
+
+ const QString titleThatNeedsToBeEscaped("<malicious>\"title\" 'oh no'");
+
+ {
+ QSvgGenerator generator;
+
+ generator.setOutputDevice(&buffer);
+ generator.setTitle(titleThatNeedsToBeEscaped);
+
+ QPainter painter(&generator);
+ painter.end();
+ }
+
+ QDomDocument generated;
+ generated.setContent(byteArray);
+
+ const auto titleElements = generated.documentElement().elementsByTagName("title");
+
+ QCOMPARE(1, titleElements.size());
+
+ const auto theOnlyTitleElement = titleElements.at(0);
+
+ QCOMPARE(1, theOnlyTitleElement.childNodes().size());
+ QCOMPARE(titleThatNeedsToBeEscaped, theOnlyTitleElement.firstChild().nodeValue());
+}
+
+void tst_QSvgGenerator::escapesDescription()
+{
+ QByteArray byteArray;
+ QBuffer buffer(&byteArray);
+
+ const QString descriptionThatNeedsToBeEscaped("<evil>\"description\" 'whoopsie!'");
+
+ {
+ QSvgGenerator generator;
+
+ generator.setOutputDevice(&buffer);
+ generator.setDescription(descriptionThatNeedsToBeEscaped);
+
+ QPainter painter(&generator);
+ painter.end();
+ }
+
+ QDomDocument generated;
+ generated.setContent(byteArray);
+
+ const auto descriptionElements = generated.documentElement().elementsByTagName("desc");
+
+ QCOMPARE(1, descriptionElements.size());
+
+ const auto theOnlyDescriptionElement = descriptionElements.at(0);
+
+ QCOMPARE(1, theOnlyDescriptionElement.childNodes().size());
+ QCOMPARE(descriptionThatNeedsToBeEscaped, theOnlyDescriptionElement.firstChild().nodeValue());
+}
+
 void tst_QSvgGenerator::outputDevice()
 {
 QString fileName = "outputDevice_output.svg"; |
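Review bot: `generated.setContent(byteArray)` in escapesTitle discards its return value, so in the regression this test exists to catch (unescaped markup making the SVG unparseable) the failure only shows up later as a bare `0 != 1` on the element count; `QVERIFY(generated.setContent(byteArray));` names the actual failure. The same applies to escapesDescription further down the hunk. The QCOMPARE calls also put the expected value first, whereas QCOMPARE takes (actual, expected), so the failure output labels the two sides backwards — e.g. `QCOMPARE(titleElements.size(), 1);`. The two test bodies are otherwise identical apart from the setter and tag name; a small helper taking the setter and the expected element name would keep them from drifting apart.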