author | Linus Groh <mail@linusgroh.de> | 2021-04-18 17:27:00 +0200 |
---|---|---|
committer | Linus Groh <mail@linusgroh.de> | 2021-04-18 18:28:17 +0200 |
commit | e37421bddc6a687ab497ef71e7a9eebedc6ab500 (patch) | |
tree | 5720f38eb0d50647da05e3601414911712944e75 /Userland/Services/WebContent/WebContentConsoleClient.cpp | |
parent | a178255a8b358b2c89014dc789203a81c3d213a5 (diff) | |
download | serenity-e37421bddc6a687ab497ef71e7a9eebedc6ab500.zip |
Browser+WebContent: Fix HTML injection in console functions output
Diffstat (limited to 'Userland/Services/WebContent/WebContentConsoleClient.cpp')
-rw-r--r-- | Userland/Services/WebContent/WebContentConsoleClient.cpp | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/Userland/Services/WebContent/WebContentConsoleClient.cpp b/Userland/Services/WebContent/WebContentConsoleClient.cpp
index f8916fd3b3..e766cdfacf 100644
--- a/Userland/Services/WebContent/WebContentConsoleClient.cpp
+++ b/Userland/Services/WebContent/WebContentConsoleClient.cpp
@@ -81,7 +81,7 @@ void WebContentConsoleClient::clear_output()
 JS::Value WebContentConsoleClient::log()
 {
- print_html(vm().join_arguments());
+ print_html(escape_html_entities(vm().join_arguments()));
 return JS::js_undefined();
 }
@@ -90,7 +90,7 @@ JS::Value WebContentConsoleClient::info()
 StringBuilder html;
 html.append("<span class=\"info\">");
 html.append("(i) ");
- html.append(vm().join_arguments());
+ html.append(escape_html_entities(vm().join_arguments()));
 html.append("</span>");
 print_html(html.string_view());
 return JS::js_undefined();
@@ -101,7 +101,7 @@ JS::Value WebContentConsoleClient::debug()
 StringBuilder html;
 html.append("<span class=\"debug\">");
 html.append("(d) ");
- html.append(vm().join_arguments());
+ html.append(escape_html_entities(vm().join_arguments()));
 html.append("</span>");
 print_html(html.string_view());
 return JS::js_undefined();
@@ -112,7 +112,7 @@ JS::Value WebContentConsoleClient::warn()
 StringBuilder html;
 html.append("<span class=\"warn\">");
 html.append("(w) ");
- html.append(vm().join_arguments());
+ html.append(escape_html_entities(vm().join_arguments()));
 html.append("</span>");
 print_html(html.string_view());
 return JS::js_undefined();
@@ -123,7 +123,7 @@ JS::Value WebContentConsoleClient::error()
 StringBuilder html;
 html.append("<span class=\"error\">");
 html.append("(e) ");
- html.append(vm().join_arguments());
+ html.append(escape_html_entities(vm().join_arguments()));
 html.append("</span>");
 print_html(html.string_view());
 return JS::js_undefined();
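Review bot: Escaping is applied separately at each call site (log() here, and likewise in the info(), debug(), warn() and error() hunks), so print_html() still takes raw markup and any console method that builds its output without `escape_html_entities(...)` brings the injection back. The joined arguments come from whatever script calls the console functions, so a single private helper that takes the CSS class and prefix, escapes the joined arguments once and then calls print_html() would make the safe path the only path for these five methods. At minimum the contract should be written down on print_html, e.g. `// Emits markup verbatim; callers must escape every script-controlled string first.` Console methods outside these hunks are not visible here, so it is worth confirming that none of them passes unescaped arguments.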
@@ -138,7 +138,7 @@ JS::Value WebContentConsoleClient::clear()
 JS::Value WebContentConsoleClient::trace()
 {
 StringBuilder html;
- html.append(vm().join_arguments());
+ html.append(escape_html_entities(vm().join_arguments()));
 auto trace = get_trace();
 for (auto& function_name : trace) {
 if (function_name.is_empty()) |
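Review bot: Only the joined arguments are escaped in trace(); the loop over `get_trace()` that follows is cut off by the hunk, and if it appends `function_name` to `html` as-is, those names remain an unescaped path into print_html(). Function names can originate from page script, so they deserve the same treatment, e.g. `html.append(escape_html_entities(function_name));` wherever the loop body appends the name. The rest of the loop lies outside the hunk, so this needs confirming against the full function.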