Fix HTML escaping artefacts

KitsuneRal · KitsuneRal · commit e7bd0ae2a61d · 2019-04-22T09:26:11.000+09:00
diff --git a/client/models/messageeventmodel.cpp b/client/models/messageeventmodel.cpp
@@ -449,7 +449,8 @@ QVariant MessageEventModel::data(const QModelIndex& idx, int role) const
             }
             , [this] (const RoomMemberEvent& e) {
                 // FIXME: Rewind to the name that was at the time of this event
-                auto subjectName = m_currentRoom->safeMemberName(e.userId());
+                const auto subjectName =
+                    m_currentRoom->safeMemberName(e.userId()).toHtmlEscaped();
                 // The below code assumes senderName output in AuthorRole
                 switch( e.membership() )
                 {
diff --git a/client/qml/TimelineItem.qml b/client/qml/TimelineItem.qml
@@ -157,6 +157,7 @@ Item {
                 elide: Text.ElideRight
 
                 color: textColor
+                textFormat: Label.PlainText
                 font.bold: !xchatStyle
                 renderType: settings.render_type
 
@@ -234,14 +235,23 @@ Item {
                     rightPadding: 2
                     x: -textScrollBar.position * contentWidth
 
+                    // Doesn't work for attributes
+                    function toHtmlEscaped(txt) {
+                        // Make sure to replace & first
+                        var eTxt = txt.replace(/&/g, '&amp;')
+                                  .replace(/</g, '&lt;').replace(/>/g, '&gt;')
+                        console.log(eTxt)
+                        return eTxt
+                    }
+
                     selectByMouse: true
                     readOnly: true
                     textFormat: TextEdit.RichText
                     // FIXME: The text is clumsy and slows down creation
                     text: (actionEvent && !xchatStyle ?
                            ("<a href='#mention' style='text-decoration:none;color:\"" +
                                     defaultPalette.text + "\"'><b>" +
-                                    authorName + "</b></a> ") : ""
+                                    toHtmlEscaped(authorName) + "</b></a> ") : ""
                           ) + display +
                           (annotation ? "<br><em>" + annotation + "</em>" : "")
                     horizontalAlignment: Text.AlignLeft
diff --git a/client/quaternionroom.cpp b/client/quaternionroom.cpp
@@ -99,7 +99,7 @@ bool QuaternionRoom::canSwitchVersions() const
 
 QString QuaternionRoom::safeMemberName(const QString& userId) const
 {
-    return sanitized(roomMembername(userId)).toHtmlEscaped();
+    return sanitized(roomMembername(userId));
 }
 
 void QuaternionRoom::countChanged()

Original file line number	Diff line number	Diff line change
`@@ -449,7 +449,8 @@ QVariant MessageEventModel::data(const QModelIndex& idx, int role) const`
`449`	`449`	`}`
`450`	`450`	`, [this] (const RoomMemberEvent& e) {`
`451`	`451`	`// FIXME: Rewind to the name that was at the time of this event`
`452`		`- auto subjectName = m_currentRoom->safeMemberName(e.userId());`
	`452`	`+ const auto subjectName =`
	`453`	`+ m_currentRoom->safeMemberName(e.userId()).toHtmlEscaped();`
`453`	`454`	`// The below code assumes senderName output in AuthorRole`
`454`	`455`	`switch( e.membership() )`
`455`	`456`	`{`
Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@ bool QuaternionRoom::canSwitchVersions() const`
`99`	`99`
`100`	`100`	`QString QuaternionRoom::safeMemberName(const QString& userId) const`
`101`	`101`	`{`
`102`		`- return sanitized(roomMembername(userId)).toHtmlEscaped();`
	`102`	`+ return sanitized(roomMembername(userId));`
`103`	`103`	`}`
`104`	`104`
`105`	`105`	`void QuaternionRoom::countChanged()`