diff options
author | Ryan Lortie <desrt@desrt.ca> | 2013-06-08 12:19:39 -0400 |
---|---|---|
committer | Guillaume Desmottes <guillaume.desmottes@collabora.co.uk> | 2013-06-26 10:45:38 +0200 |
commit | 6bace22f3ffb9695870267e2a59858b3feeaa83e (patch) | |
tree | bada38a571c605cd481de2224accd6642ef844b1 | |
parent | e23e2b8330f63207867224ab96ef11b2aedf9cfc (diff) |
Fix escaping of text in empathy log window
We insert text into the log window by using a javascript expression,
with the text to insert quoted with single quotes.
Ensure that we apply the correct escaping so that backslashes and quote
characters are taken literally.
https://bugzilla.gnome.org/show_bug.cgi?id=691085
-rw-r--r-- | libempathy-gtk/empathy-log-window.c | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/libempathy-gtk/empathy-log-window.c b/libempathy-gtk/empathy-log-window.c index cba8ae2c..471d80c5 100644 --- a/libempathy-gtk/empathy-log-window.c +++ b/libempathy-gtk/empathy-log-window.c @@ -358,7 +358,9 @@ insert_or_change_row (EmpathyLogWindow *self, { char *str = gtk_tree_path_to_string (path); char *script, *text, *date, *stock_icon; + GString *escaped_text; char *icon = NULL; + gint i; gtk_tree_model_get (model, iter, COL_EVENTS_TEXT, &text, @@ -379,16 +381,34 @@ insert_or_change_row (EmpathyLogWindow *self, gtk_icon_info_free (icon_info); } + escaped_text = g_string_new (NULL); + + /* Only need to deal with «'» and «\». + * + * Note that these never appear in non-ascii utf8 characters, so just + * pretend like we have an ascii string... + */ + for (i = 0; text && text[i]; i++) + { + gchar c = text[i]; + + if (c == '\'' || c == '\\') + g_string_append_c (escaped_text, '\\'); + + g_string_append_c (escaped_text, c); + } + script = g_strdup_printf ("javascript:%s([%s], '%s', '%s', '%s');", method, g_strdelimit (str, ":", ','), - text, + escaped_text->str, icon != NULL ? icon : "", date); webkit_web_view_execute_script (WEBKIT_WEB_VIEW (self->priv->webview), script); + g_string_free (escaped_text, TRUE); g_free (str); g_free (text); g_free (date); |