sw HTML export: fix missing escaping for image links
Hyperlink URLs on images are currently written to the HTML output as-is, without any any encoding. Image links are written using HtmlWriter from svtools, which has the advantage of not building the markup manually (similar to sax_fastparser::FastSerializerHelper for XML), but that doesn't do any escaping. Some other parts of the HTML export build the export markup manually, but use HTMLOutFuncs::Out_String() to encode problematic content. Fix the problem by using HTMLOutFuncs::Out_String() in HtmlWriter for attribute values: it seems reasonable to assume that users of HtmlWriter would pass in unencoded strings, similar to how the sax serializer works. This could lead to double-encoding in case some user of HtmlWriter::attribute() would encode its attribute value already, but inspecting existing calls, none of the clients seem to do that at the moment. Change-Id: I5439e829b1b837cb9c51292b118f0b47e84197db Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136399 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
This commit is contained in:
Miklos Vajna
parent
8e8e0aefc9
commit
167a5ce786
2 changed files with 23 additions and 1 deletions
|
|
@ -198,6 +198,27 @@ CPPUNIT_TEST_FIXTURE(Test, testExactElementEnd)
|
|||
CPPUNIT_ASSERT_EQUAL(OString("<start><a/><b/></start>"), aString);
|
||||
}
|
||||
|
||||
CPPUNIT_TEST_FIXTURE(Test, testAttributeValueEncode)
|
||||
{
|
||||
// Given a HTML writer:
|
||||
SvMemoryStream aStream;
|
||||
HtmlWriter aHtml(aStream);
|
||||
aHtml.prettyPrint(false);
|
||||
|
||||
// When writing an attribute with a value that needs encoding:
|
||||
aHtml.start("element");
|
||||
aHtml.attribute("attribute", "a&b");
|
||||
aHtml.end();
|
||||
|
||||
// Then make sure that the encoding is performed:
|
||||
OString aString = extractFromStream(aStream);
|
||||
// Without the accompanying fix in place, this test would have failed with:
|
||||
// - Expected: <element attribute="a&b"/>
|
||||
// - Actual : <element attribute="a&b"/>
|
||||
// i.e. attribute value was not encoded in HTML, but it was in e.g. XML.
|
||||
CPPUNIT_ASSERT_EQUAL(OString("<element attribute=\"a&b\"/>"), aString);
|
||||
}
|
||||
|
||||
CPPUNIT_PLUGIN_IMPLEMENT();
|
||||
|
||||
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@
|
|||
#include <svtools/HtmlWriter.hxx>
|
||||
#include <tools/stream.hxx>
|
||||
#include <sal/log.hxx>
|
||||
#include <svtools/htmlout.hxx>
|
||||
|
||||
HtmlWriter::HtmlWriter(SvStream& rStream, std::string_view rNamespace) :
|
||||
mrStream(rStream),
|
||||
|
|
@ -127,7 +128,7 @@ void HtmlWriter::writeAttribute(SvStream& rStream, std::string_view aAttribute,
|
|||
rStream.WriteOString(aAttribute);
|
||||
rStream.WriteChar('=');
|
||||
rStream.WriteChar('"');
|
||||
rStream.WriteOString(aValue);
|
||||
HTMLOutFuncs::Out_String(rStream, OStringToOUString(aValue, RTL_TEXTENCODING_UTF8));
|
||||
rStream.WriteChar('"');
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue