Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit c92db391 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

ClipData: html attribute values should always be escaped 

Failure to properly escape HTML attribute values can lead to
XSS attacks. Technically, HTML of the form

<a href="http://www.google.com/search?x=a&y=b">blah</a>

is malformed (but widely accepted). Such links should be written as

<a href="http://www.google.com/search?x=a&amp;y=b">blah</a>

See: http://www.w3.org/TR/1999/REC-html401-19991224/appendix/notes.html#h-B.2.2

Change-Id: I188ded00b4cac44acb38884d4728c4cf9500f3b6
parent 527d14dc
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment