authorRyan Lortie <desrt@desrt.ca>2013-06-08 12:19:39 -0400
committerGuillaume Desmottes <guillaume.desmottes@collabora.co.uk>2013-06-26 10:45:38 +0200
commit6bace22f3ffb9695870267e2a59858b3feeaa83e (patch)
treebada38a571c605cd481de2224accd6642ef844b1
parente23e2b8330f63207867224ab96ef11b2aedf9cfc (diff)
Fix escaping of text in empathy log window
We insert text into the log window by using a javascript expression, with the text to insert quoted with single quotes. Ensure that we apply the correct escaping so that backslashes and quote characters are taken literally. https://bugzilla.gnome.org/show_bug.cgi?id=691085
-rw-r--r--libempathy-gtk/empathy-log-window.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/libempathy-gtk/empathy-log-window.c b/libempathy-gtk/empathy-log-window.c
index cba8ae2c..471d80c5 100644
--- a/libempathy-gtk/empathy-log-window.c
+++ b/libempathy-gtk/empathy-log-window.c
@@ -358,7 +358,9 @@ insert_or_change_row (EmpathyLogWindow *self,
{
char *str = gtk_tree_path_to_string (path);
char *script, *text, *date, *stock_icon;
+ GString *escaped_text;
char *icon = NULL;
+ gint i;
gtk_tree_model_get (model, iter,
COL_EVENTS_TEXT, &text,
@@ -379,16 +381,34 @@ insert_or_change_row (EmpathyLogWindow *self,
gtk_icon_info_free (icon_info);
}
+ escaped_text = g_string_new (NULL);
+
+ /* Only need to deal with «'» and «\».
+ *
+ * Note that these never appear in non-ascii utf8 characters, so just
+ * pretend like we have an ascii string...
+ */
+ for (i = 0; text && text[i]; i++)
+ {
+ gchar c = text[i];
+
+ if (c == '\'' || c == '\\')
+ g_string_append_c (escaped_text, '\\');
+
+ g_string_append_c (escaped_text, c);
+ }
+
script = g_strdup_printf ("javascript:%s([%s], '%s', '%s', '%s');",
method,
g_strdelimit (str, ":", ','),
- text,
+ escaped_text->str,
icon != NULL ? icon : "",
date);
webkit_web_view_execute_script (WEBKIT_WEB_VIEW (self->priv->webview),
script);
+ g_string_free (escaped_text, TRUE);
g_free (str);
g_free (text);
g_free (date);
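Review bot: The escaping loop covers only `'` and `\`, but a JavaScript string literal also may not contain a raw line terminator, so a logged message containing a newline or carriage return would still make the generated script fail to parse; the comment's "Only need to deal with" claim is too narrow. I would emit those two bytes as the escape sequences `\n` and `\r` in the same loop, as sketched below. U+2028 and U+2029 are also line terminators under ES5 and are multi-byte in UTF-8, so this byte-wise loop would need a separate check for them. `icon` and `date` are still placed between single quotes unescaped in the `g_strdup_printf` call; their origin is only partly visible here, but if either can carry a quote or backslash it should go through the same escaping. insert_or_change_row starts and ends outside this hunk.

```c
  /* ... unchanged: escaped_text = g_string_new (NULL); ... */

  /* Escape everything that would end or break a single-quoted JS string
   * literal: the quote, the backslash and raw CR/LF.  All of these are
   * single ASCII bytes, so a byte-wise walk over the UTF-8 text is safe.
   */
  for (i = 0; text && text[i]; i++)
    {
      gchar c = text[i];

      switch (c)
        {
        case '\'':
        case '\\':
          g_string_append_c (escaped_text, '\\');
          g_string_append_c (escaped_text, c);
          break;
        case '\n':
          g_string_append (escaped_text, "\\n");
          break;
        case '\r':
          g_string_append (escaped_text, "\\r");
          break;
        default:
          g_string_append_c (escaped_text, c);
          break;
        }
    }

  /* ... unchanged: g_strdup_printf and script execution ... */
```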