Escape HTML in MessageList_SubjectWidget (fixes #1234)

This commit is contained in:
Dmitri Bogomolov 2019-04-26 11:05:02 +03:00
parent 38f36d7860
commit e3344ade59
Signed by untrusted user: g1itch
GPG Key ID: 720A756F18DEED13

View File

@ -4,6 +4,8 @@ src/bitmessageqt/foldertree.py
"""
# pylint: disable=too-many-arguments,bad-super-call,attribute-defined-outside-init
from cgi import escape
from PyQt4 import QtCore, QtGui
from bmconfigparser import BMConfigParser
@ -456,6 +458,8 @@ class MessageList_SubjectWidget(BMTableWidgetItem):
"""Return object data (QT UI)"""
if role == QtCore.Qt.UserRole:
return self.subject
if role == QtCore.Qt.ToolTipRole:
return escape(self.subject)
return super(MessageList_SubjectWidget, self).data(role)
# label (or address) alphabetically, disabled at the end