diff options
author | Miklos Vajna <vmiklos@collabora.com> | 2022-06-24 16:07:15 +0200 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.com> | 2022-06-27 08:57:31 +0200 |
commit | 167a5ce786b0561028ad42ea3fc92e55d14484a4 (patch) | |
tree | 1a9be8e273795a359a294ca19525d4e384a96348 /svtools | |
parent | 8e8e0aefc998adba749a93cacc4660d859fba675 (diff) |
sw HTML export: fix missing escaping for image links
Hyperlink URLs on images are currently written to the HTML output as-is,
without any any encoding.
Image links are written using HtmlWriter from svtools, which has the
advantage of not building the markup manually (similar to
sax_fastparser::FastSerializerHelper for XML), but that doesn't do any
escaping. Some other parts of the HTML export build the export markup
manually, but use HTMLOutFuncs::Out_String() to encode problematic
content.
Fix the problem by using HTMLOutFuncs::Out_String() in HtmlWriter for
attribute values: it seems reasonable to assume that users of HtmlWriter
would pass in unencoded strings, similar to how the sax serializer
works.
This could lead to double-encoding in case some user of
HtmlWriter::attribute() would encode its attribute value already, but
inspecting existing calls, none of the clients seem to do that at the
moment.
Change-Id: I5439e829b1b837cb9c51292b118f0b47e84197db
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136399
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Diffstat (limited to 'svtools')
-rw-r--r-- | svtools/qa/unit/testHtmlWriter.cxx | 21 | ||||
-rw-r--r-- | svtools/source/svhtml/HtmlWriter.cxx | 3 |
2 files changed, 23 insertions, 1 deletions
diff --git a/svtools/qa/unit/testHtmlWriter.cxx b/svtools/qa/unit/testHtmlWriter.cxx index d4c8e24e4390..702bf64464ab 100644 --- a/svtools/qa/unit/testHtmlWriter.cxx +++ b/svtools/qa/unit/testHtmlWriter.cxx @@ -198,6 +198,27 @@ CPPUNIT_TEST_FIXTURE(Test, testExactElementEnd) CPPUNIT_ASSERT_EQUAL(OString("<start><a/><b/></start>"), aString); } +CPPUNIT_TEST_FIXTURE(Test, testAttributeValueEncode) +{ + // Given a HTML writer: + SvMemoryStream aStream; + HtmlWriter aHtml(aStream); + aHtml.prettyPrint(false); + + // When writing an attribute with a value that needs encoding: + aHtml.start("element"); + aHtml.attribute("attribute", "a&b"); + aHtml.end(); + + // Then make sure that the encoding is performed: + OString aString = extractFromStream(aStream); + // Without the accompanying fix in place, this test would have failed with: + // - Expected: <element attribute="a&b"/> + // - Actual : <element attribute="a&b"/> + // i.e. attribute value was not encoded in HTML, but it was in e.g. XML. + CPPUNIT_ASSERT_EQUAL(OString("<element attribute=\"a&b\"/>"), aString); +} + CPPUNIT_PLUGIN_IMPLEMENT(); /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/svtools/source/svhtml/HtmlWriter.cxx b/svtools/source/svhtml/HtmlWriter.cxx index f7c35a644706..b813c7ee50e8 100644 --- a/svtools/source/svhtml/HtmlWriter.cxx +++ b/svtools/source/svhtml/HtmlWriter.cxx @@ -11,6 +11,7 @@ #include <svtools/HtmlWriter.hxx> #include <tools/stream.hxx> #include <sal/log.hxx> +#include <svtools/htmlout.hxx> HtmlWriter::HtmlWriter(SvStream& rStream, std::string_view rNamespace) : mrStream(rStream), @@ -127,7 +128,7 @@ void HtmlWriter::writeAttribute(SvStream& rStream, std::string_view aAttribute, rStream.WriteOString(aAttribute); rStream.WriteChar('='); rStream.WriteChar('"'); - rStream.WriteOString(aValue); + HTMLOutFuncs::Out_String(rStream, OStringToOUString(aValue, RTL_TEXTENCODING_UTF8)); rStream.WriteChar('"'); } |