authorMiklos Vajna <vmiklos@collabora.com>2022-06-24 16:07:15 +0200
committerMiklos Vajna <vmiklos@collabora.com>2022-06-27 08:57:31 +0200
commit167a5ce786b0561028ad42ea3fc92e55d14484a4 (patch)
tree1a9be8e273795a359a294ca19525d4e384a96348 /svtools
parent8e8e0aefc998adba749a93cacc4660d859fba675 (diff)
sw HTML export: fix missing escaping for image links
Hyperlink URLs on images are currently written to the HTML output as-is, without any encoding. Image links are written using HtmlWriter from svtools, which has the advantage of not building the markup manually (similar to sax_fastparser::FastSerializerHelper for XML), but that doesn't do any escaping. Some other parts of the HTML export build the export markup manually, but use HTMLOutFuncs::Out_String() to encode problematic content. Fix the problem by using HTMLOutFuncs::Out_String() in HtmlWriter for attribute values: it seems reasonable to assume that users of HtmlWriter would pass in unencoded strings, similar to how the sax serializer works. This could lead to double-encoding in case some user of HtmlWriter::attribute() would encode its attribute value already, but inspecting existing calls, none of the clients seem to do that at the moment. Change-Id: I5439e829b1b837cb9c51292b118f0b47e84197db Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136399 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Diffstat (limited to 'svtools')
-rw-r--r--svtools/qa/unit/testHtmlWriter.cxx21
-rw-r--r--svtools/source/svhtml/HtmlWriter.cxx3
2 files changed, 23 insertions, 1 deletions
diff --git a/svtools/qa/unit/testHtmlWriter.cxx b/svtools/qa/unit/testHtmlWriter.cxx
index d4c8e24e4390..702bf64464ab 100644
--- a/svtools/qa/unit/testHtmlWriter.cxx
+++ b/svtools/qa/unit/testHtmlWriter.cxx
@@ -198,6 +198,27 @@ CPPUNIT_TEST_FIXTURE(Test, testExactElementEnd)
CPPUNIT_ASSERT_EQUAL(OString("<start><a/><b/></start>"), aString);
}
+CPPUNIT_TEST_FIXTURE(Test, testAttributeValueEncode)
+{
+ // Given a HTML writer:
+ SvMemoryStream aStream;
+ HtmlWriter aHtml(aStream);
+ aHtml.prettyPrint(false);
+
+ // When writing an attribute with a value that needs encoding:
+ aHtml.start("element");
+ aHtml.attribute("attribute", "a&b");
+ aHtml.end();
+
+ // Then make sure that the encoding is performed:
+ OString aString = extractFromStream(aStream);
+ // Without the accompanying fix in place, this test would have failed with:
+ // - Expected: <element attribute="a&amp;b"/>
+ // - Actual : <element attribute="a&b"/>
+ // i.e. attribute value was not encoded in HTML, but it was in e.g. XML.
+ CPPUNIT_ASSERT_EQUAL(OString("<element attribute=\"a&amp;b\"/>"), aString);
+}
+
CPPUNIT_PLUGIN_IMPLEMENT();
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
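Review bot: testAttributeValueEncode exercises only `&`, but inside a double-quoted attribute the character that decides whether the value stays contained is `"`, and the test never checks it. I would add a second case with a value such as `"a\"b<c"` and assert the escaped output (presumably `&quot;` and `&lt;`, to be confirmed against what Out_String() actually emits). That pins the quoting behaviour of the writer in this test instead of leaving it as an assumption about HTMLOutFuncs.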
diff --git a/svtools/source/svhtml/HtmlWriter.cxx b/svtools/source/svhtml/HtmlWriter.cxx
index f7c35a644706..b813c7ee50e8 100644
--- a/svtools/source/svhtml/HtmlWriter.cxx
+++ b/svtools/source/svhtml/HtmlWriter.cxx
@@ -11,6 +11,7 @@
#include <svtools/HtmlWriter.hxx>
#include <tools/stream.hxx>
#include <sal/log.hxx>
+#include <svtools/htmlout.hxx>
HtmlWriter::HtmlWriter(SvStream& rStream, std::string_view rNamespace) :
mrStream(rStream),
@@ -127,7 +128,7 @@ void HtmlWriter::writeAttribute(SvStream& rStream, std::string_view aAttribute,
rStream.WriteOString(aAttribute);
rStream.WriteChar('=');
rStream.WriteChar('"');
- rStream.WriteOString(aValue);
+ HTMLOutFuncs::Out_String(rStream, OStringToOUString(aValue, RTL_TEXTENCODING_UTF8));
rStream.WriteChar('"');
}
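Review bot: The new call decodes aValue with RTL_TEXTENCODING_UTF8 before escaping, so writeAttribute() now assumes every caller passes UTF-8 bytes, and nothing in the hunk documents or tests that. How non-ASCII characters come back out (raw bytes or character references) depends on Out_String(), which is not visible here, and the added unit test uses ASCII only. I would put a comment above the call, `// aValue is UTF-8 and not yet HTML-escaped; Out_String() does the escaping.`, and add a test with a non-ASCII value to fix the expected output. The body of writeAttribute() starts outside this hunk, so any earlier handling of aValue is not covered by this note.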