From 9080e2b826e8cffaa56af96d6b670c219e78424f Mon Sep 17 00:00:00 2001
From: Kevin Smith <git@kismith.co.uk>
Date: Fri, 11 May 2012 14:14:37 +0100
Subject: Don't allow form results to get interpreted as HTML


diff --git a/Swift/QtUI/ChatSnippet.h b/Swift/QtUI/ChatSnippet.h
index f79f487..92a6837 100644
--- a/Swift/QtUI/ChatSnippet.h
+++ b/Swift/QtUI/ChatSnippet.h
@@ -34,6 +34,7 @@ namespace Swift {
 				result.replace("%time%", "%&#37;time&#37;");
 				result.replace("%shortTime%", "%&#37;shortTime&#37;");
 				result.replace("%userIconPath%", "&#37;userIconPath&#37;");
+				result.replace("\t", "    ");
 				result.replace("  ", "&nbsp;&nbsp;");
 				return result;
 			}
diff --git a/Swift/QtUI/QtFormWidget.cpp b/Swift/QtUI/QtFormWidget.cpp
index 1307735..4216863 100644
--- a/Swift/QtUI/QtFormWidget.cpp
+++ b/Swift/QtUI/QtFormWidget.cpp
@@ -96,7 +96,9 @@ QWidget* QtFormWidget::createWidget(FormField::ref field) {
 	boost::shared_ptr<TextMultiFormField> textMultiField = boost::dynamic_pointer_cast<TextMultiFormField>(field);
 	if (textMultiField) {
 		QString value = textMultiField->getValue().c_str();
-		widget = new QTextEdit(value, this);
+		QTextEdit* textWidget = new QTextEdit(this);
+		textWidget->setPlainText(value);
+		widget = textWidget;
 	}
 	boost::shared_ptr<TextPrivateFormField> textPrivateField = boost::dynamic_pointer_cast<TextPrivateFormField>(field);
 	if (textPrivateField) {
@@ -126,7 +128,9 @@ QWidget* QtFormWidget::createWidget(FormField::ref field) {
 			prev = true;
 			text += line.toString().c_str();
 		}
-		widget = new QTextEdit(text, this);
+		QTextEdit* textWidget = new QTextEdit(this);
+		textWidget->setPlainText(text);
+		widget = textWidget;
 	}
 	boost::shared_ptr<ListMultiFormField> listMultiField = boost::dynamic_pointer_cast<ListMultiFormField>(field);
 	if (listMultiField) {
-- 
cgit v0.10.2-6-g49f6