  1. Qt
  2. QTBUG-91222

Markdown parser improperly handles certain HTML payloads

    • 362e56b520cd5f3efcc7600d558b515a8aec6a79 (qt/qtbase/dev) f2e5039738557023a921a68ecd5fb81bdb4f2efc (qt/qtbase/6.2)

      Using a naïve Markdown to HTML converter:

      #include <QTextDocument>
      #include <iostream>

      // input is a QString holding the payload
      QTextDocument d;
      d.setMarkdown(input); // Assume GFM with HTML enabled
      std::cout << d.toHtml().toStdString() << std::endl;

      The following HTML payload (which is also valid GFM):

      <b>x&lt;</b>

      gets converted to

      &lt;<span style=" font-weight:600;">x</span>

      (that's right, the escaped < ends up coming before the bold span). Meanwhile, the following payload:

      <b>&amp;</b>

      literally strips <b> (or whatever other element it would have been put in), becoming

      &amp;

      (boilerplate HTML before and after the key portion omitted).
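A regression check for the two symptoms reported above, as an added example (not Qt code and not part of the original report): it reduces the input payload and the key portion of the toHtml() output to (text, bold) runs and flags any difference. The 600 weight threshold and all helper names are assumptions made for this example.

```python
import re
from html.parser import HTMLParser

BOLD_MIN = 600  # assumption: treat font-weight >= 600 as bold, matching the output quoted above

class BoldRuns(HTMLParser):
    """Collect (text, is_bold) runs from an HTML fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)  # &lt; and &amp; arrive decoded
        self.stack = []  # (tag, makes_bold) for each open element
        self.runs = []   # merged (text, is_bold) runs in document order

    def handle_starttag(self, tag, attrs):
        style = dict(attrs).get("style") or ""
        m = re.search(r"font-weight\s*:\s*(bold|\d+)", style)
        weight_bold = bool(m) and (m.group(1) == "bold" or int(m.group(1)) >= BOLD_MIN)
        self.stack.append((tag, tag in ("b", "strong") or weight_bold))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # close the nearest match
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        bold = any(flag for _, flag in self.stack)
        if self.runs and self.runs[-1][1] == bold:
            self.runs[-1] = (self.runs[-1][0] + data, bold)
        else:
            self.runs.append((data, bold))

def bold_runs(fragment):
    parser = BoldRuns()
    parser.feed(fragment)
    parser.close()
    return parser.runs

def formatting_preserved(source, rendered):
    """True when every character keeps its bold/non-bold state and its position."""
    return bold_runs(source) == bold_runs(rendered)

# (input payload, key portion of the toHtml() output), both as quoted in the report
REPORTED = [
    ("<b>x&lt;</b>", '&lt;<span style=" font-weight:600;">x</span>'),
    ("<b>&amp;</b>", "&amp;"),
]

if __name__ == "__main__":
    for source, rendered in REPORTED:
        print(source, "->", bold_runs(rendered), formatting_preserved(source, rendered))
```

Both reported pairs fail the check: the first because the decoded `<` lands in a separate non-bold run ahead of `x`, the second because the `&` run is no longer bold.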


            srutledg Shawn Rutledge
            alexey.rusakov Alexey Rusakov