strip html before showing in generic_gui_message for security reasons

Kicksecure · Jul 3, 2014 · 91a2614 · 91a2614
1 parent 845a8ff
commit 91a2614
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/debian/control b/debian/control
@@ -14,7 +14,8 @@ Standards-Version: 3.9.4
 
 Package: open-link-confirmation
 Architecture: all
-Depends: generic-gui-message, sensible-utils, anon-icon-pack, ${misc:Depends}
+Depends: generic-gui-message, sensible-utils, anon-icon-pack,
+ msgcollector, ${misc:Depends}
 Recommends: tb-starter, tb-updater, tb-default-browser
 Description: Asks for confirmation before opening links
  Asks before a link is (accidentally) opened in a browser. Links are opened in

diff --git a/usr/lib/open_link_confirmation b/usr/lib/open_link_confirmation
@@ -98,6 +98,8 @@ main_function() {
       ## Trim temp to 128 characters.
       temp="${temp:0:$trim}"
 
+      temp="$(/usr/lib/msgcollector/striphtml "${1+"$@"}")"
+
       if [ "$temp_string_length" -gt "$trim" ]; then
          local extra_long_link="<p>Note: The address is too long, so only the first $trim characters are shown.</p>"
       fi