Fix entry preview rendering HTML

* Fixes #11538 - prevent rendering HTML in Title, Password, and URL fields in the entry preview pane.
This commit is contained in:
Jonathan White 2024-12-07 10:47:28 -05:00
parent b1180b3341
commit 7b70cc94e6
No known key found for this signature in database
GPG Key ID: 440FC65F2E0C6E01

View File

@ -245,7 +245,7 @@ void EntryPreviewWidget::updateEntryHeaderLine()
{ {
Q_ASSERT(m_currentEntry); Q_ASSERT(m_currentEntry);
const QString title = m_currentEntry->resolveMultiplePlaceholders(m_currentEntry->title()); const QString title = m_currentEntry->resolveMultiplePlaceholders(m_currentEntry->title());
m_ui->entryTitleLabel->setRawText(hierarchy(m_currentEntry->group(), title)); m_ui->entryTitleLabel->setRawText(hierarchy(m_currentEntry->group(), title.toHtmlEscaped()));
m_ui->entryIcon->setPixmap(Icons::entryIconPixmap(m_currentEntry, IconSize::Large)); m_ui->entryIcon->setPixmap(Icons::entryIconPixmap(m_currentEntry, IconSize::Large));
} }
@ -305,7 +305,7 @@ void EntryPreviewWidget::setPasswordVisible(bool state)
m_ui->entryPasswordLabel->setText(html); m_ui->entryPasswordLabel->setText(html);
} else { } else {
// No color // No color
m_ui->entryPasswordLabel->setText(password); m_ui->entryPasswordLabel->setText(password.toHtmlEscaped());
} }
} else if (password.isEmpty() && !config()->get(Config::Security_PasswordEmptyPlaceholder).toBool()) { } else if (password.isEmpty() && !config()->get(Config::Security_PasswordEmptyPlaceholder).toBool()) {
m_ui->entryPasswordLabel->setText(""); m_ui->entryPasswordLabel->setText("");
@ -387,7 +387,7 @@ void EntryPreviewWidget::updateEntryGeneralTab()
m_ui->entryNotesTextEdit->setFont(Font::defaultFont()); m_ui->entryNotesTextEdit->setFont(Font::defaultFont());
} }
m_ui->entryUrlLabel->setRawText(m_currentEntry->displayUrl()); m_ui->entryUrlLabel->setRawText(m_currentEntry->displayUrl().toHtmlEscaped());
const QString url = m_currentEntry->url(); const QString url = m_currentEntry->url();
if (!url.isEmpty()) { if (!url.isEmpty()) {
// URL is well formed and can be opened in a browser // URL is well formed and can be opened in a browser