LibWeb: Fix HTML injection on FrameLoader error page

Small regression introduced by 3857148, we still have to escape HTML entities.
author: Linus Groh <mail@linusgroh.de> 2021-04-22 10:17:00 +0200
committer: Linus Groh <mail@linusgroh.de> 2021-04-22 10:17:00 +0200
commit: 024fd9b957ad50f4f991341fc64a236daf997c12 (patch)
tree: 723a02dd46e6db3d1d4326e7412240a9b37b3587
parent: 696f23d7a0f57d9920ecfdbc86406fb553242777 (diff)
download: serenity-024fd9b957ad50f4f991341fc64a236daf997c12.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp b/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
index 147bafa74b..80e19e2c2e 100644
--- a/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
+++ b/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
@@ -229,8 +229,8 @@ void FrameLoader::load_error_page(const URL& failed_url, const String& error)
             VERIFY(!data.is_null());
             StringBuilder builder;
             SourceGenerator generator { builder };
-            generator.set("failed_url", failed_url.to_string());
-            generator.set("error", error);
+            generator.set("failed_url", escape_html_entities(failed_url.to_string()));
+            generator.set("error", escape_html_entities(error));
             generator.append(data);
             auto document = HTML::parse_html_document(generator.as_string_view(), failed_url, "utf-8");
             VERIFY(document);
author	Linus Groh <mail@linusgroh.de>	2021-04-22 10:17:00 +0200
committer	Linus Groh <mail@linusgroh.de>	2021-04-22 10:17:00 +0200
commit	024fd9b957ad50f4f991341fc64a236daf997c12 (patch)
tree	723a02dd46e6db3d1d4326e7412240a9b37b3587
parent	696f23d7a0f57d9920ecfdbc86406fb553242777 (diff)
download	serenity-024fd9b957ad50f4f991341fc64a236daf997c12.zip