From ff2678d2f53d3409f01e53c8d36652c9bbe01eaa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Tue, 17 May 2016 22:06:41 +0200
Subject: [PATCH] qvm-open-in-vm: escape URL when wrapping it in HTML

Thanks @v6ak for the report and solution.

Fixes QubesOS/qubes-issues#1462
---
 qubes-rpc/wrap-in-html-if-url.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/qubes-rpc/wrap-in-html-if-url.sh b/qubes-rpc/wrap-in-html-if-url.sh
index 7a96e7e..e5a91b3 100644
--- a/qubes-rpc/wrap-in-html-if-url.sh
+++ b/qubes-rpc/wrap-in-html-if-url.sh
@@ -6,9 +6,10 @@ wrap_in_html_if_url()
 	*://*)
 		FILE_ARGUMENT=$(mktemp)
 
-		echo -n '<html><meta HTTP-EQUIV="REFRESH" content="0; url=' > $FILE_ARGUMENT
-		echo -n "$1" >> $FILE_ARGUMENT
-		echo '"></html>' >> $FILE_ARGUMENT
+		echo -n '<html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>'
+        echo -n '<meta HTTP-EQUIV="REFRESH" content="0; url=' > $FILE_ARGUMENT
+		echo -n "$1" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g; s/"/\&quot;/g; s/'"'"'/\&#39;/g' >> $FILE_ARGUMENT
+		echo '"/></html>' >> $FILE_ARGUMENT
 		;;
 	*)
 		FILE_ARGUMENT="$1"