Fix entry preview rendering HTML

* Fixes #11538 - prevent rendering HTML in Title, Password, and URL fields in the entry preview pane.
This commit is contained in:
Jonathan White 2024-12-07 10:47:28 -05:00
parent b1180b3341
commit 7b70cc94e6
No known key found for this signature in database
GPG Key ID: 440FC65F2E0C6E01

View File

@ -245,7 +245,7 @@ void EntryPreviewWidget::updateEntryHeaderLine()
{
Q_ASSERT(m_currentEntry);
const QString title = m_currentEntry->resolveMultiplePlaceholders(m_currentEntry->title());
m_ui->entryTitleLabel->setRawText(hierarchy(m_currentEntry->group(), title));
m_ui->entryTitleLabel->setRawText(hierarchy(m_currentEntry->group(), title.toHtmlEscaped()));
m_ui->entryIcon->setPixmap(Icons::entryIconPixmap(m_currentEntry, IconSize::Large));
}
@ -305,7 +305,7 @@ void EntryPreviewWidget::setPasswordVisible(bool state)
m_ui->entryPasswordLabel->setText(html);
} else {
// No color
m_ui->entryPasswordLabel->setText(password);
m_ui->entryPasswordLabel->setText(password.toHtmlEscaped());
}
} else if (password.isEmpty() && !config()->get(Config::Security_PasswordEmptyPlaceholder).toBool()) {
m_ui->entryPasswordLabel->setText("");
@ -387,7 +387,7 @@ void EntryPreviewWidget::updateEntryGeneralTab()
m_ui->entryNotesTextEdit->setFont(Font::defaultFont());
}
m_ui->entryUrlLabel->setRawText(m_currentEntry->displayUrl());
m_ui->entryUrlLabel->setRawText(m_currentEntry->displayUrl().toHtmlEscaped());
const QString url = m_currentEntry->url();
if (!url.isEmpty()) {
// URL is well formed and can be opened in a browser