HTML escape certificate fields

metsma · mrts · commit 083c77ed4e66 · 2024-04-26T15:49:03.000+03:00
WE2-926

Signed-off-by: Raul Metsma &lt;raul@metsma.ee&gt;
diff --git a/src/controller/command-handlers/certificatereader.cpp b/src/controller/command-handlers/certificatereader.cpp
@@ -78,7 +78,7 @@ CardCertificateAndPinInfo getCertificateWithStatusAndInfo(const CardInfo::ptr& c
 CertificateReader::CertificateReader(const CommandWithArguments& cmd) : CommandHandler(cmd)
 {
     validateAndStoreOrigin(cmd.second);
-    if (Application* app = qobject_cast<Application*>(qApp)) {
+    if (auto* app = qobject_cast<Application*>(qApp)) {
         app->loadTranslations(cmd.second.value(QStringLiteral("lang")).toString());
     }
 }
@@ -142,7 +142,7 @@ void CertificateReader::validateAndStoreOrigin(const QVariantMap& arguments)
         || origin.hasFragment()) {
         THROW(CommandHandlerInputDataError, "origin is not in <scheme>://<host>[:<port>] format");
     }
-    if (origin.scheme() != QStringLiteral("https") && origin.scheme() != QStringLiteral("wss")) {
+    if (origin.scheme() != QLatin1String("https") && origin.scheme() != QLatin1String("wss")) {
         THROW(CommandHandlerInputDataError, "origin scheme has to be https or wss");
     }
 }
diff --git a/src/ui/certificatewidget.cpp b/src/ui/certificatewidget.cpp
@@ -76,9 +76,12 @@ CardCertificateAndPinInfo CertificateWidgetInfo::certificateInfo() const
     return certAndPinInfo;
 }
 
-std::tuple<QString, QString, QString> CertificateWidgetInfo::certData() const
+std::tuple<QString, QString, QString, QString> CertificateWidgetInfo::certData() const
 {
-    return {certAndPinInfo.certificate.issuerInfo(QSslCertificate::CommonName).join(' '),
+    return {certAndPinInfo.certInfo.subject.toHtmlEscaped(),
+            certAndPinInfo.certificate.issuerInfo(QSslCertificate::CommonName)
+                .join(' ')
+                .toHtmlEscaped(),
             certAndPinInfo.certificate.effectiveDate().date().toString(Qt::ISODate),
             certAndPinInfo.certificate.expiryDate().date().toString(Qt::ISODate)};
 }
@@ -101,7 +104,7 @@ void CertificateWidgetInfo::setCertificateInfo(const CardCertificateAndPinInfo&
     certAndPinInfo = cardCertPinInfo;
     const auto& certInfo = cardCertPinInfo.certInfo;
     QString warning;
-    auto [issuer, effectiveDate, expiryDate] = certData();
+    auto [subject, issuer, effectiveDate, expiryDate] = certData();
     if (certInfo.notEffective) {
         effectiveDate = displayInRed(effectiveDate);
         warning = displayInRed(CertificateWidget::tr(" (Not effective)"));
@@ -111,7 +114,7 @@ void CertificateWidgetInfo::setCertificateInfo(const CardCertificateAndPinInfo&
         warning = displayInRed(CertificateWidget::tr(" (Expired)"));
     }
     info->setText(CertificateWidget::tr("<b>%1</b><br />Issuer: %2<br />Valid: %3 to %4%5")
-                      .arg(certInfo.subject, issuer, effectiveDate, expiryDate, warning));
+                      .arg(subject, issuer, effectiveDate, expiryDate, warning));
     info->parentWidget()->setDisabled(certInfo.notEffective || certInfo.isExpired
                                       || cardCertPinInfo.pinInfo.pinIsBlocked);
     if (warning.isEmpty() && cardCertPinInfo.pinInfo.pinIsBlocked) {
@@ -171,10 +174,8 @@ bool CertificateButton::eventFilter(QObject* object, QEvent* event)
 void CertificateButton::setCertificateInfo(const CardCertificateAndPinInfo& cardCertPinInfo)
 {
     CertificateWidgetInfo::setCertificateInfo(cardCertPinInfo);
-    const auto& certInfo = cardCertPinInfo.certInfo;
-    auto [issuer, effectiveDate, expiryDate] = certData();
-    setText(tr("%1 Issuer: %2 Valid: %3 to %4")
-                .arg(certInfo.subject, issuer, effectiveDate, expiryDate));
+    auto [subject, issuer, effectiveDate, expiryDate] = certData();
+    setText(tr("%1 Issuer: %2 Valid: %3 to %4").arg(subject, issuer, effectiveDate, expiryDate));
 }
 
 void CertificateButton::paintEvent(QPaintEvent* /*event*/)
diff --git a/src/ui/certificatewidget.hpp b/src/ui/certificatewidget.hpp
@@ -42,7 +42,7 @@ class CertificateWidgetInfo
     Q_DISABLE_COPY_MOVE(CertificateWidgetInfo)
 
     void drawWarnIcon();
-    std::tuple<QString, QString, QString> certData() const;
+    std::tuple<QString, QString, QString, QString> certData() const;
 
     QLabel* icon;
     QLabel* info;

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ CardCertificateAndPinInfo getCertificateWithStatusAndInfo(const CardInfo::ptr& c`
`78`	`78`	`CertificateReader::CertificateReader(const CommandWithArguments& cmd) : CommandHandler(cmd)`
`79`	`79`	`{`
`80`	`80`	`validateAndStoreOrigin(cmd.second);`
`81`		`- if (Application* app = qobject_cast<Application*>(qApp)) {`
	`81`	`+ if (auto* app = qobject_cast<Application*>(qApp)) {`
`82`	`82`	`app->loadTranslations(cmd.second.value(QStringLiteral("lang")).toString());`
`83`	`83`	`}`
`84`	`84`	`}`
`@@ -142,7 +142,7 @@ void CertificateReader::validateAndStoreOrigin(const QVariantMap& arguments)`
`142`	`142`	`\|\| origin.hasFragment()) {`
`143`	`143`	`THROW(CommandHandlerInputDataError, "origin is not in <scheme>://<host>[:<port>] format");`
`144`	`144`	`}`
`145`		`- if (origin.scheme() != QStringLiteral("https") && origin.scheme() != QStringLiteral("wss")) {`
	`145`	`+ if (origin.scheme() != QLatin1String("https") && origin.scheme() != QLatin1String("wss")) {`
`146`	`146`	`THROW(CommandHandlerInputDataError, "origin scheme has to be https or wss");`
`147`	`147`	`}`
`148`	`148`	`}`