Fix entry preview rendering HTML

droidmonkey · droidmonkey · commit 5e61db630c4a · 2024-12-24T08:25:29.000-05:00
* Fixes keepassxreboot#11538 - prevent rendering HTML in Title, Password, and URL fields in the entry preview pane.
diff --git a/src/gui/EntryPreviewWidget.cpp b/src/gui/EntryPreviewWidget.cpp
@@ -245,7 +245,7 @@ void EntryPreviewWidget::updateEntryHeaderLine()
 {
     Q_ASSERT(m_currentEntry);
     const QString title = m_currentEntry->resolveMultiplePlaceholders(m_currentEntry->title());
-    m_ui->entryTitleLabel->setRawText(hierarchy(m_currentEntry->group(), title));
+    m_ui->entryTitleLabel->setRawText(hierarchy(m_currentEntry->group(), title.toHtmlEscaped()));
     m_ui->entryIcon->setPixmap(Icons::entryIconPixmap(m_currentEntry, IconSize::Large));
 }
 
@@ -305,7 +305,7 @@ void EntryPreviewWidget::setPasswordVisible(bool state)
             m_ui->entryPasswordLabel->setText(html);
         } else {
             // No color
-            m_ui->entryPasswordLabel->setText(password);
+            m_ui->entryPasswordLabel->setText(password.toHtmlEscaped());
         }
     } else if (password.isEmpty() && !config()->get(Config::Security_PasswordEmptyPlaceholder).toBool()) {
         m_ui->entryPasswordLabel->setText("");
@@ -387,7 +387,7 @@ void EntryPreviewWidget::updateEntryGeneralTab()
         m_ui->entryNotesTextEdit->setFont(Font::defaultFont());
     }
 
-    m_ui->entryUrlLabel->setRawText(m_currentEntry->displayUrl());
+    m_ui->entryUrlLabel->setRawText(m_currentEntry->displayUrl().toHtmlEscaped());
     const QString url = m_currentEntry->url();
     if (!url.isEmpty()) {
         // URL is well formed and can be opened in a browser

Original file line number	Diff line number	Diff line change
`@@ -245,7 +245,7 @@ void EntryPreviewWidget::updateEntryHeaderLine()`
`245`	`245`	`{`
`246`	`246`	`Q_ASSERT(m_currentEntry);`
`247`	`247`	`const QString title = m_currentEntry->resolveMultiplePlaceholders(m_currentEntry->title());`
`248`		`- m_ui->entryTitleLabel->setRawText(hierarchy(m_currentEntry->group(), title));`
	`248`	`+ m_ui->entryTitleLabel->setRawText(hierarchy(m_currentEntry->group(), title.toHtmlEscaped()));`
`249`	`249`	`m_ui->entryIcon->setPixmap(Icons::entryIconPixmap(m_currentEntry, IconSize::Large));`
`250`	`250`	`}`
`251`	`251`
`@@ -305,7 +305,7 @@ void EntryPreviewWidget::setPasswordVisible(bool state)`
`305`	`305`	`m_ui->entryPasswordLabel->setText(html);`
`306`	`306`	`} else {`
`307`	`307`	`// No color`
`308`		`- m_ui->entryPasswordLabel->setText(password);`
	`308`	`+ m_ui->entryPasswordLabel->setText(password.toHtmlEscaped());`
`309`	`309`	`}`
`310`	`310`	`} else if (password.isEmpty() && !config()->get(Config::Security_PasswordEmptyPlaceholder).toBool()) {`
`311`	`311`	`m_ui->entryPasswordLabel->setText("");`
`@@ -387,7 +387,7 @@ void EntryPreviewWidget::updateEntryGeneralTab()`
`387`	`387`	`m_ui->entryNotesTextEdit->setFont(Font::defaultFont());`
`388`	`388`	`}`
`389`	`389`
`390`		`- m_ui->entryUrlLabel->setRawText(m_currentEntry->displayUrl());`
	`390`	`+ m_ui->entryUrlLabel->setRawText(m_currentEntry->displayUrl().toHtmlEscaped());`
`391`	`391`	`const QString url = m_currentEntry->url();`
`392`	`392`	`if (!url.isEmpty()) {`
`393`	`393`	`// URL is well formed and can be opened in a browser`