svtools/qa/unit/testHtmlWriter.cxx   |   21 +++++++++++++++++++++
 svtools/source/svhtml/HtmlWriter.cxx |    3 ++-
 2 files changed, 23 insertions(+), 1 deletion(-)

New commits:
commit b48f87d9823f85820a1cbf2c0baa23695ec66001
Author:     Miklos Vajna <vmik...@collabora.com>
AuthorDate: Fri Jun 24 16:07:15 2022 +0200
Commit:     Xisco Fauli <xiscofa...@libreoffice.org>
CommitDate: Mon Jun 27 11:11:18 2022 +0200

    sw HTML export: fix missing escaping for image links
    
    Hyperlink URLs on images are currently written to the HTML output as-is,
    without any encoding.
    
    Image links are written using HtmlWriter from svtools, which has the
    advantage of not building the markup manually (similar to
    sax_fastparser::FastSerializerHelper for XML), but that doesn't do any
    escaping. Some other parts of the HTML export build the export markup
    manually, but use HTMLOutFuncs::Out_String() to encode problematic
    content.
    
    Fix the problem by using HTMLOutFuncs::Out_String() in HtmlWriter for
    attribute values: it seems reasonable to assume that users of HtmlWriter
    would pass in unencoded strings, similar to how the sax serializer
    works.
    
    This could lead to double-encoding in case some user of
    HtmlWriter::attribute() would encode its attribute value already, but
    inspecting existing calls, none of the clients seem to do that at the
    moment.
    
    Change-Id: I5439e829b1b837cb9c51292b118f0b47e84197db
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136399
    Tested-by: Jenkins
    Reviewed-by: Miklos Vajna <vmik...@collabora.com>
    (cherry picked from commit 167a5ce786b0561028ad42ea3fc92e55d14484a4)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136456
    Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>

diff --git a/svtools/qa/unit/testHtmlWriter.cxx 
b/svtools/qa/unit/testHtmlWriter.cxx
index d4c8e24e4390..702bf64464ab 100644
--- a/svtools/qa/unit/testHtmlWriter.cxx
+++ b/svtools/qa/unit/testHtmlWriter.cxx
@@ -198,6 +198,27 @@ CPPUNIT_TEST_FIXTURE(Test, testExactElementEnd)
     CPPUNIT_ASSERT_EQUAL(OString("<start><a/><b/></start>"), aString);
 }
 
+CPPUNIT_TEST_FIXTURE(Test, testAttributeValueEncode)
+{
+    // Given a HTML writer:
+    SvMemoryStream aStream;
+    HtmlWriter aHtml(aStream);
+    aHtml.prettyPrint(false);
+
+    // When writing an attribute with a value that needs encoding:
+    aHtml.start("element");
+    aHtml.attribute("attribute", "a&b");
+    aHtml.end();
+
+    // Then make sure that the encoding is performed:
+    OString aString = extractFromStream(aStream);
+    // Without the accompanying fix in place, this test would have failed with:
+    // - Expected: <element attribute="a&amp;b"/>
+    // - Actual  : <element attribute="a&b"/>
+    // i.e. attribute value was not encoded in HTML, but it was in e.g. XML.
+    CPPUNIT_ASSERT_EQUAL(OString("<element attribute=\"a&amp;b\"/>"), aString);
+}
+
 CPPUNIT_PLUGIN_IMPLEMENT();
 
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
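Review bot: testAttributeValueEncode exercises only `&`, so it would still pass if the escaping left `"` untouched, and the double quote is the character that terminates a quoted attribute value. Consider a second case such as `aHtml.attribute("attribute", "a\"<b>");` with the expected output asserting the `&quot;`, `&lt;` and `&gt;` forms (assuming that is what HTMLOutFuncs::Out_String emits for them). A value with a non-ASCII character would additionally pin the UTF-8 conversion that the fix routes the value through.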
diff --git a/svtools/source/svhtml/HtmlWriter.cxx 
b/svtools/source/svhtml/HtmlWriter.cxx
index f7c35a644706..b813c7ee50e8 100644
--- a/svtools/source/svhtml/HtmlWriter.cxx
+++ b/svtools/source/svhtml/HtmlWriter.cxx
@@ -11,6 +11,7 @@
 #include <svtools/HtmlWriter.hxx>
 #include <tools/stream.hxx>
 #include <sal/log.hxx>
+#include <svtools/htmlout.hxx>
 
 HtmlWriter::HtmlWriter(SvStream& rStream, std::string_view rNamespace) :
     mrStream(rStream),
@@ -127,7 +128,7 @@ void HtmlWriter::writeAttribute(SvStream& rStream, 
std::string_view aAttribute,
     rStream.WriteOString(aAttribute);
     rStream.WriteChar('=');
     rStream.WriteChar('"');
-    rStream.WriteOString(aValue);
+    HTMLOutFuncs::Out_String(rStream, OStringToOUString(aValue, 
RTL_TEXTENCODING_UTF8));
     rStream.WriteChar('"');
 }
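Review bot: writeAttribute now HTML-escapes aValue, but nothing at the call site records the new contract, and aAttribute a few lines above is still written to the stream verbatim. A comment on the changed line such as `// aValue is raw UTF-8 text and gets HTML-escaped here; callers must not pre-encode it` would keep the double-encoding risk named in the commit message visible to future callers. It is also worth confirming that attribute names only ever come from fixed strings, since they bypass the escaping; if not, they need validation of their own. The start of the function lies outside the hunk, so only its signature in the hunk header is visible here.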
 
