Escape HTML in MessageList_SubjectWidget (fixes #1234)

This commit is contained in:
Dmitri Bogomolov 2019-04-26 11:05:02 +03:00
parent 38f36d7860
commit e3344ade59
Signed by untrusted user: g1itch
GPG Key ID: 720A756F18DEED13

View File

@ -4,6 +4,8 @@ src/bitmessageqt/foldertree.py
""" """
# pylint: disable=too-many-arguments,bad-super-call,attribute-defined-outside-init # pylint: disable=too-many-arguments,bad-super-call,attribute-defined-outside-init
from cgi import escape
from PyQt4 import QtCore, QtGui from PyQt4 import QtCore, QtGui
from bmconfigparser import BMConfigParser from bmconfigparser import BMConfigParser
@ -456,6 +458,8 @@ class MessageList_SubjectWidget(BMTableWidgetItem):
"""Return object data (QT UI)""" """Return object data (QT UI)"""
if role == QtCore.Qt.UserRole: if role == QtCore.Qt.UserRole:
return self.subject return self.subject
if role == QtCore.Qt.ToolTipRole:
return escape(self.subject)
return super(MessageList_SubjectWidget, self).data(role) return super(MessageList_SubjectWidget, self).data(role)
# label (or address) alphabetically, disabled at the end # label (or address) alphabetically, disabled at the end