Commit fcd3b305 authored by Aleix Pol Gonzalez's avatar Aleix Pol Gonzalez 🐧 Committed by Albert Astals Cid
Browse files

Only turn http[s] links into clickable links

CVE-2021-28117

(cherry picked from commit d375031f)
parent 026fc2bc
......@@ -101,7 +101,7 @@ QString KNSResource::longDescription()
ret.remove(QRegularExpression(QStringLiteral("\\[\\/?[a-z]*\\]")));
// Find anything that looks like a link (but which also is not some html
// tag value or another already) and make it a link
static const QRegularExpression urlRegExp(QStringLiteral("(^|\\s)([-a-zA-Z0-9@:%_\\+.~#?&//=]{2,256}\\.[a-z]{2,4}\\b(\\/[-a-zA-Z0-9@:;%_\\+.~#?&//=]*)?)"), QRegularExpression::CaseInsensitiveOption);
static const QRegularExpression urlRegExp(QStringLiteral("(^|\\s)(http[-a-zA-Z0-9@:%_\\+.~#?&//=]{2,256}\\.[a-z]{2,4}\\b(\\/[-a-zA-Z0-9@:;%_\\+.~#?&//=]*)?)"), QRegularExpression::CaseInsensitiveOption);
ret.replace(urlRegExp, QStringLiteral("<a href=\"\\2\">\\2</a>"));
return ret;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment