From e3344ade59cda34b2f70c6e27a7fb1f0b817c064 Mon Sep 17 00:00:00 2001
From: Dmitri Bogomolov <4glitch@gmail.com>
Date: Fri, 26 Apr 2019 11:05:02 +0300
Subject: [PATCH] Escape HTML in MessageList_SubjectWidget (fixes #1234)

---
 src/bitmessageqt/foldertree.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/bitmessageqt/foldertree.py b/src/bitmessageqt/foldertree.py
index fe31191f..f3230210 100644
--- a/src/bitmessageqt/foldertree.py
+++ b/src/bitmessageqt/foldertree.py
@@ -4,6 +4,8 @@ src/bitmessageqt/foldertree.py
 """
 # pylint: disable=too-many-arguments,bad-super-call,attribute-defined-outside-init
 
+from cgi import escape
+
 from PyQt4 import QtCore, QtGui
 
 from bmconfigparser import BMConfigParser
@@ -456,6 +458,8 @@ class MessageList_SubjectWidget(BMTableWidgetItem):
         """Return object data (QT UI)"""
         if role == QtCore.Qt.UserRole:
             return self.subject
+        if role == QtCore.Qt.ToolTipRole:
+            return escape(self.subject)
         return super(MessageList_SubjectWidget, self).data(role)
 
     # label (or address) alphabetically, disabled at the end