Swiftdiff options
| author | Kevin Smith <git@kismith.co.uk> | 2012-05-11 13:14:37 (GMT) |
|---|---|---|
| committer | Kevin Smith <git@kismith.co.uk> | 2012-05-11 13:14:59 (GMT) |
| commit | 9080e2b826e8cffaa56af96d6b670c219e78424f (patch) | |
| tree | d65ef12a6987e3dc32331a75f9e3ab01fdfc3de9 | |
| parent | 73ae80d0ed8895bb2bad7b9f627d0921ddb2ecb2 (diff) | |
| download | swift-contrib-9080e2b826e8cffaa56af96d6b670c219e78424f.zip swift-contrib-9080e2b826e8cffaa56af96d6b670c219e78424f.tar.bz2 | |
Don't allow form results to get interpreted as HTML
| -rw-r--r-- | Swift/QtUI/ChatSnippet.h | 1 | ||||
| -rw-r--r-- | Swift/QtUI/QtFormWidget.cpp | 8 |
2 files changed, 7 insertions, 2 deletions
diff --git a/Swift/QtUI/ChatSnippet.h b/Swift/QtUI/ChatSnippet.h index f79f487..92a6837 100644 --- a/Swift/QtUI/ChatSnippet.h +++ b/Swift/QtUI/ChatSnippet.h @@ -28,18 +28,19 @@ namespace Swift { } static QString escape(const QString& original) { QString result(original); result.replace("%message%", "%message%"); result.replace("%sender%", "%sender%"); result.replace("%time%", "%%time%"); result.replace("%shortTime%", "%%shortTime%"); result.replace("%userIconPath%", "%userIconPath%"); + result.replace("\t", " "); result.replace(" ", " "); return result; } static QString timeToEscapedString(const QDateTime& time); protected: QString wrapResizable(const QString& text); void setContinuationFallbackSnippet(boost::shared_ptr<ChatSnippet> continuationFallback) { diff --git a/Swift/QtUI/QtFormWidget.cpp b/Swift/QtUI/QtFormWidget.cpp index 1307735..4216863 100644 --- a/Swift/QtUI/QtFormWidget.cpp +++ b/Swift/QtUI/QtFormWidget.cpp @@ -90,19 +90,21 @@ QWidget* QtFormWidget::createWidget(FormField::ref field) { widget = new QLabel(value, this); } boost::shared_ptr<ListSingleFormField> listSingleField = boost::dynamic_pointer_cast<ListSingleFormField>(field); if (listSingleField) { widget = createList(field); } boost::shared_ptr<TextMultiFormField> textMultiField = boost::dynamic_pointer_cast<TextMultiFormField>(field); if (textMultiField) { QString value = textMultiField->getValue().c_str(); - widget = new QTextEdit(value, this); + QTextEdit* textWidget = new QTextEdit(this); + textWidget->setPlainText(value); + widget = textWidget; } boost::shared_ptr<TextPrivateFormField> textPrivateField = boost::dynamic_pointer_cast<TextPrivateFormField>(field); if (textPrivateField) { QString value = textPrivateField->getValue().c_str(); QLineEdit* lineWidget = new QLineEdit(value, this); lineWidget->setEchoMode(QLineEdit::Password); widget = lineWidget; } boost::shared_ptr<TextSingleFormField> textSingleField = boost::dynamic_pointer_cast<TextSingleFormField>(field); @@ -120,19 +122,21 @@ QWidget* QtFormWidget::createWidget(FormField::ref field) { QString text; bool prev = false; foreach (JID line, jidMultiField->getValue()) { if (prev) { text += "\n"; } prev = true; text += line.toString().c_str(); } - widget = new QTextEdit(text, this); + QTextEdit* textWidget = new QTextEdit(this); + textWidget->setPlainText(text); + widget = textWidget; } boost::shared_ptr<ListMultiFormField> listMultiField = boost::dynamic_pointer_cast<ListMultiFormField>(field); if (listMultiField) { widget = createList(field); } boost::shared_ptr<HiddenFormField> hiddenField = boost::dynamic_pointer_cast<HiddenFormField>(field); if (hiddenField) { } fields_[field->getName()] = widget; |