HTML escape certificate fields

WE2-926

Signed-off-by: Raul Metsma <raul@metsma.ee>

Author: metsma

src/controller/command-handlers/certificatereader.cpp

@@ -78,7 +78,7 @@ CardCertificateAndPinInfo getCertificateWithStatusAndInfo(const CardInfo::ptr& c
 CertificateReader::CertificateReader(const CommandWithArguments& cmd) : CommandHandler(cmd)
 {
     validateAndStoreOrigin(cmd.second);
-    if (Application* app = qobject_cast<Application*>(qApp)) {
+    if (auto* app = qobject_cast<Application*>(qApp)) {
         app->loadTranslations(cmd.second.value(QStringLiteral("lang")).toString());
     }
 }
@@ -142,7 +142,7 @@ void CertificateReader::validateAndStoreOrigin(const QVariantMap& arguments)
         || origin.hasFragment()) {
         THROW(CommandHandlerInputDataError, "origin is not in <scheme>://<host>[:<port>] format");
     }
-    if (origin.scheme() != QStringLiteral("https") && origin.scheme() != QStringLiteral("wss")) {
+    if (origin.scheme() != QLatin1String("https") && origin.scheme() != QLatin1String("wss")) {
         THROW(CommandHandlerInputDataError, "origin scheme has to be https or wss");
     }
 }

src/ui/certificatewidget.cpp

@@ -78,7 +78,9 @@ CardCertificateAndPinInfo CertificateWidgetInfo::certificateInfo() const
 
 std::tuple<QString, QString, QString> CertificateWidgetInfo::certData() const
 {
-    return {certAndPinInfo.certificate.issuerInfo(QSslCertificate::CommonName).join(' '),
+    return {certAndPinInfo.certificate.issuerInfo(QSslCertificate::CommonName)
+                .join(' ')
+                .toHtmlEscaped(),
             certAndPinInfo.certificate.effectiveDate().date().toString(Qt::ISODate),
             certAndPinInfo.certificate.expiryDate().date().toString(Qt::ISODate)};
 }
@@ -110,8 +112,9 @@ void CertificateWidgetInfo::setCertificateInfo(const CardCertificateAndPinInfo&
         expiryDate = displayInRed(expiryDate);
         warning = displayInRed(CertificateWidget::tr(" (Expired)"));
     }
-    info->setText(CertificateWidget::tr("<b>%1</b><br />Issuer: %2<br />Valid: %3 to %4%5")
-                      .arg(certInfo.subject, issuer, effectiveDate, expiryDate, warning));
+    info->setText(
+        CertificateWidget::tr("<b>%1</b><br />Issuer: %2<br />Valid: %3 to %4%5")
+            .arg(certInfo.subject.toHtmlEscaped(), issuer, effectiveDate, expiryDate, warning));
     info->parentWidget()->setDisabled(certInfo.notEffective || certInfo.isExpired
                                       || cardCertPinInfo.pinInfo.pinIsBlocked);
     if (warning.isEmpty() && cardCertPinInfo.pinInfo.pinIsBlocked) {
@@ -174,7 +177,7 @@ void CertificateButton::setCertificateInfo(const CardCertificateAndPinInfo& card
     const auto& certInfo = cardCertPinInfo.certInfo;
     auto [issuer, effectiveDate, expiryDate] = certData();
     setText(tr("%1 Issuer: %2 Valid: %3 to %4")
-                .arg(certInfo.subject, issuer, effectiveDate, expiryDate));
+                .arg(certInfo.subject.toHtmlEscaped(), issuer, effectiveDate, expiryDate));
 }
 
 void CertificateButton::paintEvent(QPaintEvent* /*event*/)