mahfiaz has proposed merging lp:~mahfiaz/openlp/bug-908197 into lp:openlp.
Requested reviews:
OpenLP Core (openlp-core)
Related bugs:
Bug #908197 in OpenLP: "HTML tags not escaped in alert message"
https://bugs.launchpad.net/openlp/+bug/908197
For more details, see:
https://code.launchpad.net/~mahfiaz/openlp/bug-908197/+merge/86827
Converts <> marks to <> to make it impossible to insert HTML to alert
message.
--
https://code.launchpad.net/~mahfiaz/openlp/bug-908197/+merge/86827
Your team OpenLP Core is requested to review the proposed merge of
lp:~mahfiaz/openlp/bug-908197 into lp:openlp.
=== modified file 'openlp/core/ui/maindisplay.py'
--- openlp/core/ui/maindisplay.py 2011-12-22 21:36:22 +0000
+++ openlp/core/ui/maindisplay.py 2011-12-23 19:20:31 +0000
@@ -240,12 +240,14 @@
not self.isVisible():
shrink = True
js = u'show_alert("%s", "%s")' % (
- text.replace(u'\\', u'\\\\').replace(u'\"', u'\\\"'),
+ text.replace(u'\\', u'\\\\').replace(u'\"', u'\\\"')
+ .replace(u'<', u'<').replace(u'>', u'>'),
u'top')
else:
shrink = False
js = u'show_alert("%s", "")' % (
- text.replace(u'\\', u'\\\\').replace(u'\"', u'\\\"'))
+ text.replace(u'\\', u'\\\\').replace(u'\"', u'\\\"')
+ .replace(u'<', u'<').replace(u'>', u'>'))
height = self.frame.evaluateJavaScript(js)
if shrink:
if text:
_______________________________________________
Mailing list: https://launchpad.net/~openlp-core
Post to : [email protected]
Unsubscribe : https://launchpad.net/~openlp-core
More help : https://help.launchpad.net/ListHelp
