Wasn't actually a vulnerability because HttpStatus::getMessage
can only return one of a fixed set of values which are all plain
text without any special characters. However the return value
there is meant to be plain text and not html, so just like
Html::element and other interfaces, things should be consistently
escaped.
Also renamed variables for clarity.
Change-Id: I8b61d7e9ea4101e3a9ef5f9a59a97db45aeef68c
*/
public function getHTML() {
if ( $this->header === null ) {
*/
public function getHTML() {
if ( $this->header === null ) {
- $header = HttpStatus::getMessage( $this->httpCode );
+ $titleHtml = htmlspecialchars( HttpStatus::getMessage( $this->httpCode ) );
} elseif ( $this->header instanceof Message ) {
} elseif ( $this->header instanceof Message ) {
- $header = $this->header->escaped();
+ $titleHtml = $this->header->escaped();
- $header = htmlspecialchars( $this->header );
+ $titleHtml = htmlspecialchars( $this->header );
}
if ( $this->content instanceof Message ) {
}
if ( $this->content instanceof Message ) {
- $content = $this->content->escaped();
+ $contentHtml = $this->content->escaped();
- $content = htmlspecialchars( $this->content );
+ $contentHtml = htmlspecialchars( $this->content );
}
return "<!DOCTYPE html>\n" .
}
return "<!DOCTYPE html>\n" .
- "<html><head><title>$header</title></head>\n" .
- "<body><h1>$header</h1><p>$content</p></body></html>\n";
+ "<html><head><title>$titleHtml</title></head>\n" .
+ "<body><h1>$header</h1><p>$contentHtml</p></body></html>\n";