Skip to content

Commit

Permalink
Disallow HTML entity escaping in headers
Browse files Browse the repository at this point in the history
Response headers shall not convert ampersands into HTML entities (such
as having an ampersand and a semicolon in a header value). This may be
the case for the CSP headers, where there are URLs that may have query
params, and there are multiple sections separated by semicolons.
  • Loading branch information
danirod committed Jul 9, 2024
1 parent 22507a7 commit c7772d1
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions src/widgets/response_headers.rs
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ mod imp {
self.list_box.bind_model(Some(model), |item| {
let item = item.downcast_ref::<KeyValueItem>().unwrap();
let widget = adw::ActionRow::new();
widget.set_use_markup(false);
widget.set_title(&item.header_name());
widget.set_title_selectable(true);
widget.set_subtitle(&item.header_value());
Expand Down

0 comments on commit c7772d1

Please sign in to comment.