summaryrefslogtreecommitdiffstats
path: root/webkit/blob
diff options
context:
space:
mode:
Diffstat (limited to 'webkit/blob')
-rw-r--r--webkit/blob/view_blob_internals_job.cc9
1 files changed, 6 insertions, 3 deletions
diff --git a/webkit/blob/view_blob_internals_job.cc b/webkit/blob/view_blob_internals_job.cc
index eceb5cd..6ff830a 100644
--- a/webkit/blob/view_blob_internals_job.cc
+++ b/webkit/blob/view_blob_internals_job.cc
@@ -65,7 +65,7 @@ void EndHTML(std::string* out) {
void AddHTMLBoldText(const std::string& text, std::string* out) {
out->append("<b>");
- out->append(text);
+ out->append(EscapeForHTML(text));
out->append("</b>");
}
@@ -81,19 +81,22 @@ void AddHTMLListItem(const std::string& element_title,
const std::string& element_data,
std::string* out) {
out->append("<li>");
+ // No need to escape element_title since constant string is passed.
out->append(element_title);
- out->append(element_data);
+ out->append(EscapeForHTML(element_data));
out->append("</li>");
}
void AddHTMLButton(const std::string& title,
const std::string& command,
std::string* out) {
+ // No need to escape title since constant string is passed.
+ std::string escaped_command = EscapeForHTML(command.c_str());
base::StringAppendF(out,
"<input type=\"button\" value=\"%s\" "
"onclick=\"SubmitCommand('%s')\" />",
title.c_str(),
- command.c_str());
+ escaped_command.c_str());
}
} // namespace
generated by cgit v1.1 at 2025-01-07 06:55:57 +0000