[tools] testbot/web: Escape URLs to the user details page.
Francois Gouget
fgouget at codeweavers.com
Thu Apr 21 08:58:42 CDT 2022
It may contain ampersands which should be escaped in HTML documents.
Signed-off-by: Francois Gouget <fgouget at codeweavers.com>
---
Web browsers don't actually care and HTML 5 reportedly allows not
escaping them in URLs as long as they are not ambiguous
(!~ /&[a-zA-Z]+;/) which ours shouldn't be (=~ /&[a-zA-Z]+=/).
But the TestBot is still on HTML 4 which means strictly speaking it
should escape these ampersands.
---
testbot/web/admin/UsersList.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/testbot/web/admin/UsersList.pl b/testbot/web/admin/UsersList.pl
index dcdb8111c..ec6d2822e 100644
--- a/testbot/web/admin/UsersList.pl
+++ b/testbot/web/admin/UsersList.pl
@@ -82,7 +82,7 @@ sub GenerateDataView($$$)
{
($Class, $Label) = ('usernone', 'none');
}
- my $DetailsLink = $self->GetDetailsLink($Row);
+ my $DetailsLink = $self->escapeHTML($self->GetDetailsLink($Row));
print "<a href='$DetailsLink'><span class='$Class'>$Label</span></a>";
}
else
--
2.30.2
More information about the wine-devel
mailing list