authorKevin Smith <git@kismith.co.uk>2012-05-11 13:14:37 (GMT)
committerKevin Smith <git@kismith.co.uk>2012-05-11 13:14:59 (GMT)
commit9080e2b826e8cffaa56af96d6b670c219e78424f (patch)
treed65ef12a6987e3dc32331a75f9e3ab01fdfc3de9
parent73ae80d0ed8895bb2bad7b9f627d0921ddb2ecb2 (diff)
downloadswift-contrib-9080e2b826e8cffaa56af96d6b670c219e78424f.zip
swift-contrib-9080e2b826e8cffaa56af96d6b670c219e78424f.tar.bz2
Don't allow form results to get interpreted as HTML
-rw-r--r--Swift/QtUI/ChatSnippet.h1
-rw-r--r--Swift/QtUI/QtFormWidget.cpp8
2 files changed, 7 insertions, 2 deletions
diff --git a/Swift/QtUI/ChatSnippet.h b/Swift/QtUI/ChatSnippet.h
index f79f487..92a6837 100644
--- a/Swift/QtUI/ChatSnippet.h
+++ b/Swift/QtUI/ChatSnippet.h
@@ -34,6 +34,7 @@ namespace Swift {
result.replace("%time%", "%&#37;time&#37;");
result.replace("%shortTime%", "%&#37;shortTime&#37;");
result.replace("%userIconPath%", "&#37;userIconPath&#37;");
+ result.replace("\t", " ");
result.replace(" ", "&nbsp;&nbsp;");
return result;
}
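Review bot: The added tab replacement only has its intended effect because it runs before the space-to-`&nbsp;` replacement on the following line, and nothing in the code records that ordering dependency. If the two calls were ever reordered, the spaces produced from a tab would be left as ordinary spaces, which HTML rendering typically collapses. A short comment above the new line would pin this down, for example `// Expand tabs first so the resulting spaces are also converted to &nbsp; below`. The literal widths shown here may have been collapsed by the page rendering, and the enclosing function starts outside the hunk, so this is based only on the visible order of the calls.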
diff --git a/Swift/QtUI/QtFormWidget.cpp b/Swift/QtUI/QtFormWidget.cpp
index 1307735..4216863 100644
--- a/Swift/QtUI/QtFormWidget.cpp
+++ b/Swift/QtUI/QtFormWidget.cpp
@@ -96,7 +96,9 @@ QWidget* QtFormWidget::createWidget(FormField::ref field) {
boost::shared_ptr<TextMultiFormField> textMultiField = boost::dynamic_pointer_cast<TextMultiFormField>(field);
if (textMultiField) {
QString value = textMultiField->getValue().c_str();
- widget = new QTextEdit(value, this);
+ QTextEdit* textWidget = new QTextEdit(this);
+ textWidget->setPlainText(value);
+ widget = textWidget;
}
boost::shared_ptr<TextPrivateFormField> textPrivateField = boost::dynamic_pointer_cast<TextPrivateFormField>(field);
if (textPrivateField) {
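Review bot: Neither place where the `QTextEdit(text, parent)` constructor is replaced (this hunk and the one at -126) records why it is avoided, so a later tidy-up could fold the three lines back into the one-line form and restore HTML interpretation of form values supplied by the remote party. A comment at each site would prevent that, for example `// QTextEdit(text, parent) parses text as HTML; form values are untrusted, so use setPlainText()`. Since the same three lines now appear twice, a small file-local helper that builds a plain-text `QTextEdit` would keep both branches on a single safe path. `createWidget` continues outside both hunks, so it is worth confirming that no other branch passes a field value to a widget that auto-detects rich text, such as a `QLabel` left at its default text format.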
@@ -126,7 +128,9 @@ QWidget* QtFormWidget::createWidget(FormField::ref field) {
prev = true;
text += line.toString().c_str();
}
- widget = new QTextEdit(text, this);
+ QTextEdit* textWidget = new QTextEdit(this);
+ textWidget->setPlainText(text);
+ widget = textWidget;
}
boost::shared_ptr<ListMultiFormField> listMultiField = boost::dynamic_pointer_cast<ListMultiFormField>(field);
if (listMultiField) {