From de7de35082ec21d506a90e68cb30888540ec64cc Mon Sep 17 00:00:00 2001
From: Thorvald Natvig <slicer@users.sourceforge.net>
Date: Tue, 20 Oct 2009 13:31:02 +0200
Subject: Fix XML entities in QTextDocument::toHtml()

If a QTextDocument contains an anchor with a & in it, this & is not
escaped in the toHtml() function, meaning the resulting document
can't be parsed as XML as it will contain invalid entities.

Reviewed-by: Olivier Goffart
Merge-request: 1753
---
 src/gui/text/qtextdocument.cpp                 | 33 ++++++++++++++++++++------
 tests/auto/qtextdocument/qtextdocument.pro     |  1 +
 tests/auto/qtextdocument/tst_qtextdocument.cpp | 32 +++++++++++++++++++++++--
 3 files changed, 57 insertions(+), 9 deletions(-)

diff --git a/src/gui/text/qtextdocument.cpp b/src/gui/text/qtextdocument.cpp
index a8956b8..17981e3 100644
--- a/src/gui/text/qtextdocument.cpp
+++ b/src/gui/text/qtextdocument.cpp
@@ -168,6 +168,25 @@ QString Qt::escape(const QString& plain)
     return rich;
 }
 
+static QString escapeXml(const QString &plain)
+{
+    QString rich;
+    rich.reserve(int(plain.length() * 1.1));
+    for (int i = 0; i < plain.length(); ++i) {
+        if (plain.at(i) == QLatin1Char('<'))
+            rich += QLatin1String("&lt;");
+        else if (plain.at(i) == QLatin1Char('>'))
+            rich += QLatin1String("&gt;");
+        else if (plain.at(i) == QLatin1Char('&'))
+            rich += QLatin1String("&amp;");
+        else if (plain.at(i) == QLatin1Char('"'))
+            rich += QLatin1String("&quot;");
+        else
+            rich += plain.at(i);
+    }
+    return rich;
+}
+
 /*!
     \fn QString Qt::convertFromPlainText(const QString &plain, WhiteSpaceMode mode)
 
@@ -2038,7 +2057,7 @@ void QTextHtmlExporter::emitAttribute(const char *attribute, const QString &valu
     html += QLatin1Char(' ');
     html += QLatin1String(attribute);
     html += QLatin1String("=\"");
-    html += value;
+    html += escapeXml(value);
     html += QLatin1Char('"');
 }
 
@@ -2302,12 +2321,12 @@ void QTextHtmlExporter::emitFontFamily(const QString &family)
 {
     html += QLatin1String(" font-family:");
 
-    QLatin1Char quote('\'');
-    if (family.contains(quote))
-        quote = QLatin1Char('\"');
+    QLatin1String quote("\'");
+    if (family.contains(QLatin1Char('\'')))
+        quote = QLatin1String("&quot;");
 
     html += quote;
-    html += family;
+    html += escapeXml(family);
     html += quote;
     html += QLatin1Char(';');
 }
@@ -2341,13 +2360,13 @@ void QTextHtmlExporter::emitFragment(const QTextFragment &fragment)
         const QString name = format.anchorName();
         if (!name.isEmpty()) {
             html += QLatin1String("<a name=\"");
-            html += name;
+            html += escapeXml(name);
             html += QLatin1String("\"></a>");
         }
         const QString href = format.anchorHref();
         if (!href.isEmpty()) {
             html += QLatin1String("<a href=\"");
-            html += href;
+            html += escapeXml(href);
             html += QLatin1String("\">");
             closeAnchor = true;
         }
diff --git a/tests/auto/qtextdocument/qtextdocument.pro b/tests/auto/qtextdocument/qtextdocument.pro
index d3ec45d..1e44a9c 100644
--- a/tests/auto/qtextdocument/qtextdocument.pro
+++ b/tests/auto/qtextdocument/qtextdocument.pro
@@ -1,4 +1,5 @@
 load(qttest_p4)
+QT += xml
 HEADERS += common.h
 SOURCES += tst_qtextdocument.cpp 
 
diff --git a/tests/auto/qtextdocument/tst_qtextdocument.cpp b/tests/auto/qtextdocument/tst_qtextdocument.cpp
index f393393..452b683 100644
--- a/tests/auto/qtextdocument/tst_qtextdocument.cpp
+++ b/tests/auto/qtextdocument/tst_qtextdocument.cpp
@@ -59,6 +59,7 @@
 #include <qfontmetrics.h>
 #include <qimage.h>
 #include <qtextlayout.h>
+#include <QDomDocument>
 #include "common.h"
 
 
@@ -732,7 +733,7 @@ void tst_QTextDocument::toHtml_data()
         cursor.insertText("Blah", fmt);
 
         QTest::newRow("font-family-with-quotes1") << QTextDocumentFragment(&doc)
-                                  << QString("<p DEFAULTBLOCKSTYLE><span style=\" font-family:\"Foo's Family\";\">Blah</span></p>");
+                                  << QString("<p DEFAULTBLOCKSTYLE><span style=\" font-family:&quot;Foo's Family&quot;;\">Blah</span></p>");
     }
 
     {
@@ -743,7 +744,7 @@ void tst_QTextDocument::toHtml_data()
         cursor.insertText("Blah", fmt);
 
         QTest::newRow("font-family-with-quotes2") << QTextDocumentFragment(&doc)
-                                  << QString("<p DEFAULTBLOCKSTYLE><span style=\" font-family:'Foo\"s Family';\">Blah</span></p>");
+                                  << QString("<p DEFAULTBLOCKSTYLE><span style=\" font-family:'Foo&quot;s Family';\">Blah</span></p>");
     }
 
     {
@@ -974,6 +975,30 @@ void tst_QTextDocument::toHtml_data()
     {
         CREATE_DOC_AND_CURSOR();
 
+        QTextCharFormat fmt;
+        fmt.setAnchor(true);
+        fmt.setAnchorHref("http://www.kde.org/?a=1&b=2");
+        cursor.insertText("Blah", fmt);
+
+        QTest::newRow("href anchor with &") << QTextDocumentFragment(&doc)
+                                  << QString("<p DEFAULTBLOCKSTYLE><a href=\"http://www.kde.org/?a=1&amp;b=2\">Blah</a></p>");
+    }
+
+    {
+        CREATE_DOC_AND_CURSOR();
+
+        QTextCharFormat fmt;
+        fmt.setAnchor(true);
+        fmt.setAnchorHref("http://www.kde.org/?a='&b=\"");
+        cursor.insertText("Blah", fmt);
+
+        QTest::newRow("href anchor with ' and \"") << QTextDocumentFragment(&doc)
+                                  << QString("<p DEFAULTBLOCKSTYLE><a href=\"http://www.kde.org/?a='&amp;b=&quot;\">Blah</a></p>");
+    }
+
+    {
+        CREATE_DOC_AND_CURSOR();
+
         cursor.insertTable(2, 2);
 
         QTest::newRow("simpletable") << QTextDocumentFragment(&doc)
@@ -1541,6 +1566,9 @@ void tst_QTextDocument::toHtml()
     QString output = doc->toHtml();
 
     QCOMPARE(output, expectedOutput);
+    
+    QDomDocument document;
+    QVERIFY2(document.setContent(output), "Output was not valid XML");
 }
 
 void tst_QTextDocument::toHtml2()
-- 
cgit v0.12