Ensure inner html is escaped when bolding.

Fixes #12033
2026-02-24 03:35:58 +00:00 · 2022-03-03 09:40:55 -05:00
parent 56a8451d07
commit 9d9e6e2972
1 changed files with 3 additions and 1 deletions
--- a/app/src/main/java/org/thoughtcrime/securesms/util/HtmlUtil.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/util/HtmlUtil.java
@@ -1,9 +1,11 @@
 package org.thoughtcrime.securesms.util;

+import android.text.Html;
+
 import androidx.annotation.NonNull;

 public class HtmlUtil {
  public static @NonNull String bold(@NonNull String target) {
-    return "<b>" + target + "</b>";
+    return "<b>" + Html.escapeHtml(target) + "</b>";
  }
 }