Details
-
Bug
-
Resolution: Done
-
Not Evaluated
-
5.15.10, 6.2.4, 6.3.0
-
4698862b76 (qt/qtsvg/dev) 4698862b76 (qt/tqtc-qtsvg/dev)
Description
The following code generates invalid XML (see attached SVG file):
#include <QGuiApplication> #include <QSvgGenerator> #include <QPainter> int main(int argc, char **argv) { QGuiApplication a(argc, argv); QSvgGenerator generator; generator.setFileName("bad.svg"); generator.setSize(QSize(100, 100)); generator.setViewBox(QRect(0,0,100,100)); generator.setTitle(QString("This 'title' is \"bad\" & will cause <problems>")); generator.setDescription(QString("This 'description' is \"bad\" & will cause <more problems>")); QPainter painter(&generator); painter.fillRect(QRect(10,10,80,80), QColor(255,20,20)); painter.drawText(20, 20, "Hello <World>"); }
QPainter::drawText() correctly escapes the text, but the QSvgGenerator title and description are not escaped.
Workaround
Use QString::toHtmlEscaped() on all strings passed into QSvgGenerator::setTitle() and QSvgRenderer::setDescription()