Don't render HTML in attachment descriptions.

Patch by Daniel Naber.

svn path=/trunk/kdenetwork/kmail/; revision=111373
wilder-work
Michael Haeckel 25 years ago
parent 6cbc0e9d7b
commit 5f019706ee
  1. 9
      kmmainwin.cpp
  2. 9
      kmreaderwin.cpp

@ -515,7 +515,14 @@ void KMMainWin::statusMsg(const QString& aText)
while (!text.isEmpty() && fontMetrics().width( text ) >= statusWidth)
text.truncate( text.length() - 1);
mStatusBar->changeItem( text, mMessageStatusId);
// ### FIXME: We should disable richtext/HTML (to avoid possible denial of service attacks),
// but this code would double the size of the satus bar if the user hovers
// over an <foo@bar.com>-style email address :-(
// text.replace(QRegExp("&"), "&amp;");
// text.replace(QRegExp("<"), "&lt;");
// text.replace(QRegExp(">"), "&gt;");
mStatusBar->changeItem(text, mMessageStatusId);
}
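Review bot: The status text still reaches `mStatusBar->changeItem(text, mMessageStatusId)` unescaped in statusMsg(), because the escaping that would stop markup in it from being interpreted is left commented out under the FIXME. The size problem the comment describes presumably arises because the truncation loop measures the unescaped string, so escaping afterwards lengthens what the status bar lays out. If the status bar item can be switched to plain-text rendering (for a QLabel, `setTextFormat(Qt::PlainText)`), no escaping would be needed; whether KStatusBar exposes its label that way is not visible here. The new comment also has a typo, `satus` for `status`, and the start of statusMsg() is outside the hunk.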

@ -904,7 +904,7 @@ void KMReaderWin::writeBodyStr(const QCString aStr, QTextCodec *aCodec)
/* HTMLize signedBy data ### FIXME: use .arg()*/
QString sdata=pgp->signedBy();
sdata.replace(QRegExp("\""), "&quot;");
sdata.replace(QRegExp("&"), "&amp;");
sdata.replace(QRegExp("<"), "&lt;");
sdata.replace(QRegExp(">"), "&gt;");
@ -1046,7 +1046,7 @@ void KMReaderWin::writePartIcon(KMMessagePart* aMsgPart, int aPartNum)
kdDebug(5006) << "writePartIcon: PartNum: " << aPartNum << endl;
comment = aMsgPart->contentDescription();
comment.replace(QRegExp("\""), "&quot;");
comment.replace(QRegExp("&"), "&amp;");
comment.replace(QRegExp("<"), "&lt;");
comment.replace(QRegExp(">"), "&gt;");
@ -1054,7 +1054,7 @@ void KMReaderWin::writePartIcon(KMMessagePart* aMsgPart, int aPartNum)
if (fileName.isEmpty()) fileName = aMsgPart->name();
label = fileName;
/* HTMLize label */
label.replace(QRegExp("\""), "&quot;");
label.replace(QRegExp("&"), "&amp;");
label.replace(QRegExp("<"), "&lt;");
label.replace(QRegExp(">"), "&gt;");
@ -1161,7 +1161,8 @@ QString KMReaderWin::strToHtml(const QString &aStr, bool aPreserveBlanks) const
continue;
}
}
if (ch=='<') result += "&lt;";
if (ch=='&') result += "&amp;";
else if (ch=='<') result += "&lt;";
else if (ch=='>') result += "&gt;";
else if (ch=='\n') {
result += "<br>";
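Review bot: In the three `replace()` chains for `sdata`, `comment` and `label`, the `"` → `&quot;` substitution is listed before the `&` → `&amp;` one. If that is the order on the new side (the page has lost its +/- markers, so this is inferred), every quote becomes `&amp;quot;` and is shown literally as `&quot;`. Running the ampersand line first avoids the double encoding: `comment.replace(QRegExp("&"), "&amp;");`, then the `<`, `>` and `"` lines. The same four-line sequence is repeated in writeBodyStr() and twice in writePartIcon(), so one shared escaping helper would keep the call sites from drifting apart. From the visible lines strToHtml() escapes `&`, `<` and `>` but not `"`, so it would need that case added before being reused for text placed in an attribute value; all of these functions start and end outside the hunks.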
