
Commit 083c77e

metsmamrts
authored andcommitted
HTML escape certificate fields
WE2-926 Signed-off-by: Raul Metsma <raul@metsma.ee>
1 parent 83cbf31 commit 083c77e

3 files changed

+12
-11
lines changed


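--- a/src/controller/command-handlers/certificatereader.cpp
+++ b/src/controller/command-handlers/certificatereader.cpp
@@ -78,7 +78,7 @@ CardCertificateAndPinInfo getCertificateWithStatusAndInfo(const CardInfo::ptr& c
 CertificateReader::CertificateReader(const CommandWithArguments& cmd) : CommandHandler(cmd)
 {
 validateAndStoreOrigin(cmd.second);
-if (Application* app = qobject_cast<Application*>(qApp)) {
+if (auto* app = qobject_cast<Application*>(qApp)) {
 app->loadTranslations(cmd.second.value(QStringLiteral("lang")).toString());
 }
 }
@@ -142,7 +142,7 @@ void CertificateReader::validateAndStoreOrigin(const QVariantMap& arguments)
 || origin.hasFragment()) {
 THROW(CommandHandlerInputDataError, "origin is not in <scheme>://<host>[:<port>] format");
 }
-if (origin.scheme() != QStringLiteral("https") && origin.scheme() != QStringLiteral("wss")) {
+if (origin.scheme() != QLatin1String("https") && origin.scheme() != QLatin1String("wss")) {
 THROW(CommandHandlerInputDataError, "origin scheme has to be https or wss");
 }
 }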

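--- a/src/ui/certificatewidget.cpp
+++ b/src/ui/certificatewidget.cpp
@@ -76,9 +76,12 @@ CardCertificateAndPinInfo CertificateWidgetInfo::certificateInfo() const
 return certAndPinInfo;
 }
 
-std::tuple<QString, QString, QString> CertificateWidgetInfo::certData() const
+std::tuple<QString, QString, QString, QString> CertificateWidgetInfo::certData() const
 {
-return {certAndPinInfo.certificate.issuerInfo(QSslCertificate::CommonName).join(' '),
+return {certAndPinInfo.certInfo.subject.toHtmlEscaped(),
+certAndPinInfo.certificate.issuerInfo(QSslCertificate::CommonName)
+.join(' ')
+.toHtmlEscaped(),
 certAndPinInfo.certificate.effectiveDate().date().toString(Qt::ISODate),
 certAndPinInfo.certificate.expiryDate().date().toString(Qt::ISODate)};
 }
@@ -101,7 +104,7 @@ void CertificateWidgetInfo::setCertificateInfo(const CardCertificateAndPinInfo&
 certAndPinInfo = cardCertPinInfo;
 const auto& certInfo = cardCertPinInfo.certInfo;
 QString warning;
-auto [issuer, effectiveDate, expiryDate] = certData();
+auto [subject, issuer, effectiveDate, expiryDate] = certData();
 if (certInfo.notEffective) {
 effectiveDate = displayInRed(effectiveDate);
 warning = displayInRed(CertificateWidget::tr(" (Not effective)"));
@@ -111,7 +114,7 @@ void CertificateWidgetInfo::setCertificateInfo(const CardCertificateAndPinInfo&
 warning = displayInRed(CertificateWidget::tr(" (Expired)"));
 }
 info->setText(CertificateWidget::tr("<b>%1</b><br />Issuer: %2<br />Valid: %3 to %4%5")
-.arg(certInfo.subject, issuer, effectiveDate, expiryDate, warning));
+.arg(subject, issuer, effectiveDate, expiryDate, warning));
 info->parentWidget()->setDisabled(certInfo.notEffective || certInfo.isExpired
 || cardCertPinInfo.pinInfo.pinIsBlocked);
 if (warning.isEmpty() && cardCertPinInfo.pinInfo.pinIsBlocked) {
@@ -171,10 +174,8 @@ bool CertificateButton::eventFilter(QObject* object, QEvent* event)
 void CertificateButton::setCertificateInfo(const CardCertificateAndPinInfo& cardCertPinInfo)
 {
 CertificateWidgetInfo::setCertificateInfo(cardCertPinInfo);
-const auto& certInfo = cardCertPinInfo.certInfo;
-auto [issuer, effectiveDate, expiryDate] = certData();
-setText(tr("%1 Issuer: %2 Valid: %3 to %4")
-.arg(certInfo.subject, issuer, effectiveDate, expiryDate));
+auto [subject, issuer, effectiveDate, expiryDate] = certData();
+setText(tr("%1 Issuer: %2 Valid: %3 to %4").arg(subject, issuer, effectiveDate, expiryDate));
 }
 
 void CertificateButton::paintEvent(QPaintEvent* /*event*/)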
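Review bot: Escaping inside certData() also changes what CertificateButton::setCertificateInfo passes to setText(), and that sink may not be rich text. CertificateButton's base class is not visible in this diff; if its setText() is the plain-text QAbstractButton one, a subject or issuer containing `&`, `<` or `>` will now show literal entities such as `&amp;` or `&lt;` in the button text or accessible name. Escaping at the rich-text sink keeps certData() encoding-neutral: have certData() return raw strings and use `.arg(subject.toHtmlEscaped(), issuer.toHtmlEscaped(), effectiveDate, expiryDate, warning)` in the `info->setText(...)` call of CertificateWidgetInfo::setCertificateInfo. Both setCertificateInfo bodies extend outside the hunks shown.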

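--- a/src/ui/certificatewidget.hpp
+++ b/src/ui/certificatewidget.hpp
@@ -42,7 +42,7 @@ class CertificateWidgetInfo
 Q_DISABLE_COPY_MOVE(CertificateWidgetInfo)
 
 void drawWarnIcon();
-std::tuple<QString, QString, QString> certData() const;
+std::tuple<QString, QString, QString, QString> certData() const;
 
 QLabel* icon;
 QLabel* info;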
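Review bot: The certData() declaration does not say that two of its four QStrings are now HTML-escaped and two are not, and a positional tuple of four identical types is easy to destructure in the wrong order. A comment on the declaration would record the contract, e.g. `// Returns {subject, issuer, effectiveDate, expiryDate}; subject and issuer are HTML-escaped for rich-text display.` A small struct with named members would make field mix-ups much harder, though that is a larger change than this commit needs.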
