From e8c228fb93de68e73964df867e3f63f7bba282be Mon Sep 17 00:00:00 2001 From: Psychpsyo Date: Sun, 17 Nov 2024 19:03:23 +0100 Subject: [PATCH] LibWeb: Properly escape URL on error page --- Libraries/LibWeb/Loader/GeneratedPagesLoader.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Libraries/LibWeb/Loader/GeneratedPagesLoader.cpp b/Libraries/LibWeb/Loader/GeneratedPagesLoader.cpp index f277fcd41c2..532f78afc75 100644 --- a/Libraries/LibWeb/Loader/GeneratedPagesLoader.cpp +++ b/Libraries/LibWeb/Loader/GeneratedPagesLoader.cpp @@ -33,7 +33,7 @@ ErrorOr load_error_page(URL::URL const& url, StringView error_message) auto template_file = TRY(Core::Resource::load_from_uri("resource://ladybird/templates/error.html"sv)); StringBuilder builder; SourceGenerator generator { builder, '%', '%' }; - generator.set("failed_url", url.to_byte_string()); + generator.set("failed_url", escape_html_entities(url.to_byte_string())); generator.set("error_message", escape_html_entities(error_message)); generator.append(template_file->data()); return TRY(String::from_utf8(generator.as_string_view()));