URL:
  <http://gna.org/bugs/?24829>

                 Summary: Qt chatline still interprets &entity; syntax
                 Project: Freeciv
            Submitted by: jtn
            Submitted on: Tue 05 Jul 2016 12:30:21 AM BST
                Category: client-qt
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
                 Release: 
         Discussion Lock: Any
        Operating System: Any
         Planned Release: 
 Contains string changes: None

    _______________________________________________________

Details:

Patch #7263 escaped < and >, but not &. For instance, enter "&copy;" in the
chat line. Fewer opportunities for mischief, but we should fix it.

Feels like we should be using QString::toHtmlEscaped()
<http://doc.qt.io/qt-5/qstring.html#toHtmlEscaped> instead of rolling our
own.

I think the right answer is probably that apply_tags() should run
toHtmlEscaped() on fragments of the input string just before inserting its own
HTML tags, and we get rid of increase_tags() (and replace_signs()).

(How many more lurking HTML escaping issues do we have in the Qt client,
though?)






_______________________________________________
Freeciv-dev mailing list
https://mail.gna.org/listinfo/freeciv-dev
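
The approach proposed in the report, as an added example that is not Freeciv code: escape each fragment of the raw chat text just before wrapping it in trusted tags. `html_escape` stands in for `QString::toHtmlEscaped()` so the block builds without Qt; `escape_angle_only`, `Span` and `render_chat` are hypothetical names, and the sample strings are constructed.

```cpp
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

// Stand-in for QString::toHtmlEscaped(), which escapes <, >, & and ".
std::string html_escape(const std::string &in) {
    std::string out;
    for (char c : in) {
        switch (c) {
        case '&': out += "&amp;"; break;
        case '<': out += "&lt;"; break;
        case '>': out += "&gt;"; break;
        case '"': out += "&quot;"; break;
        default: out += c;
        }
    }
    return out;
}

// The gap in the report: < and > are escaped, & passes through unchanged.
std::string escape_angle_only(const std::string &in) {
    std::string out;
    for (char c : in) {
        if (c == '<') out += "&lt;";
        else if (c == '>') out += "&gt;";
        else out += c;
    }
    return out;
}

// Hypothetical tag span: byte offsets into the raw chat text plus trusted markup.
struct Span { std::size_t start, stop; std::string open, close; };

// Escape each raw fragment just before emitting markup around it, so span
// offsets never need adjusting. Assumes spans are sorted and non-overlapping.
std::string render_chat(const std::string &raw, const std::vector<Span> &spans) {
    std::string out;
    std::size_t pos = 0;
    for (const Span &s : spans) {
        std::size_t a = std::min(std::max(s.start, pos), raw.size());
        std::size_t b = std::min(std::max(s.stop, a), raw.size());
        out += html_escape(raw.substr(pos, a - pos));
        out += s.open + html_escape(raw.substr(a, b - a)) + s.close;
        pos = b;
    }
    return out + html_escape(raw.substr(pos));
}

int main() { std::cout << render_chat("&copy; <x>", {Span{7, 10, "<b>", "</b>"}}) << "\n"; }
```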
