Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-91222

Markdown parser improperly handles certain HTML payloads

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Done
    • Affects Version/s: 5.15.2
    • Fix Version/s: 6.3.0 Alpha
    • Component/s: GUI: Text handling
    • Labels:
      None
    • Platform/s:
      All
    • Commits:
      362e56b520cd5f3efcc7600d558b515a8aec6a79 (qt/qtbase/dev) f2e5039738557023a921a68ecd5fb81bdb4f2efc (qt/qtbase/6.2)

      Description

      Using a naïve Markdown to HTML converter:

      QTextDocument d;

      d.setMarkdown(input); // Assume GFM with HTML enabled

      std::cout << d.toHtml().toStdString() << std::endl;

      The following HTML payload (which is also valid GFM):

      <b>x&lt;</b>

      gets converted to

      &lt;<span style=" font-weight:600;">x</span>

      (that's right, the escaped < ends up coming before the bold span). Meanwhile, the following payload:

      <b>&amp;</b>

      literally strips <b> (or whatever other element it would have been put to), becoming

      &amp;

      (boilerplate HTML before and after the key portion omitted).

        Attachments

          Issue Links

          For Gerrit Dashboard: QTBUG-91222
          # Subject Branch Project Status CR V

            Activity

              People

              Assignee:
              srutledg Shawn Rutledge
              Reporter:
              alexey.rusakov Alexey Rusakov
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes