LibMarkdown: Wrap code block language string in escape_html_entities()

This would allow HTML injection as the string was inserted into the HTML output with no sanitation whatsoever. Fixes #7123.
author: Linus Groh <mail@linusgroh.de> 2021-05-19 23:30:42 +0100
committer: Linus Groh <mail@linusgroh.de> 2021-05-19 23:31:00 +0100
commit: 9c19e626754731e737208dcf4ee4e46f9d5bcd22 (patch)
tree: b2074c8f21046b9f0cdd4dd506b2698497aa25b7 /Userland/Libraries
parent: 0a70e1728a6ef5f1bbf8a77d629b69b51a1d15d2 (diff)
download: serenity-9c19e626754731e737208dcf4ee4e46f9d5bcd22.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/Userland/Libraries/LibMarkdown/CodeBlock.cpp b/Userland/Libraries/LibMarkdown/CodeBlock.cpp
index 3a6b8dff15..de2bb0958b 100644
--- a/Userland/Libraries/LibMarkdown/CodeBlock.cpp
+++ b/Userland/Libraries/LibMarkdown/CodeBlock.cpp
@@ -39,7 +39,7 @@ String CodeBlock::render_to_html() const
     if (style_language.is_empty())
         builder.append("<code>");
     else
-        builder.appendff("<code class=\"{}\">", style_language);
+        builder.appendff("<code class=\"{}\">", escape_html_entities(style_language));
 
     if (style_language == "js")
         builder.append(JS::MarkupGenerator::html_from_source(m_code));
author	Linus Groh <mail@linusgroh.de>	2021-05-19 23:30:42 +0100
committer	Linus Groh <mail@linusgroh.de>	2021-05-19 23:31:00 +0100
commit	9c19e626754731e737208dcf4ee4e46f9d5bcd22 (patch)
tree	b2074c8f21046b9f0cdd4dd506b2698497aa25b7 /Userland/Libraries
parent	0a70e1728a6ef5f1bbf8a77d629b69b51a1d15d2 (diff)
download	serenity-9c19e626754731e737208dcf4ee4e46f9d5bcd22.zip