authorKitsune Ral <Kitsune-Ral@users.sf.net>2019-03-17 09:03:34 +0900
committerKitsune Ral <Kitsune-Ral@users.sf.net>2019-03-24 19:08:20 +0900
commite855085835909549aa866ed968e24902eb378b5a (patch)
tree975797a8b1515b22e7ffeba2e5f385dcf1212663
parent21e5138f6cf1e96d3cac702e2ada2a0148a3ec92 (diff)
downloadlibquotient-e855085835909549aa866ed968e24902eb378b5a.tar.gz
libquotient-e855085835909549aa866ed968e24902eb378b5a.zip
RoomMemberEvent: sanitize user display names
MemberEventContent::displayName() will strip away Unicode text direction override characters. Direct access to JSON can still provide "raw" data.
-rw-r--r--lib/events/roommemberevent.cpp2
-rw-r--r--lib/util.cpp10
-rw-r--r--lib/util.h7
3 files changed, 16 insertions, 3 deletions
diff --git a/lib/events/roommemberevent.cpp b/lib/events/roommemberevent.cpp
index a5ac3c5f..6da76526 100644
--- a/lib/events/roommemberevent.cpp
+++ b/lib/events/roommemberevent.cpp
@@ -52,7 +52,7 @@ using namespace QMatrixClient;
MemberEventContent::MemberEventContent(const QJsonObject& json)
: membership(fromJson<MembershipType>(json["membership"_ls]))
, isDirect(json["is_direct"_ls].toBool())
- , displayName(json["displayname"_ls].toString())
+ , displayName(sanitized(json["displayname"_ls].toString()))
, avatarUrl(json["avatar_url"_ls].toString())
{ }
diff --git a/lib/util.cpp b/lib/util.cpp
index e1f312ee..8d16cfc8 100644
--- a/lib/util.cpp
+++ b/lib/util.cpp
@@ -63,10 +63,18 @@ static void linkifyUrls(QString& htmlEscapedText)
QStringLiteral(R"(\1<a href="https://matrix.to/#/\2">\2</a>)"));
}
+QString QMatrixClient::sanitized(const QString& plainText)
+{
+ auto text = plainText;
+ text.remove(QChar(0x202e));
+ text.remove(QChar(0x202d));
+ return text;
+}
+
QString QMatrixClient::prettyPrint(const QString& plainText)
{
auto pt = QStringLiteral("<span style='white-space:pre-wrap'>") +
- plainText.toHtmlEscaped() + QStringLiteral("</span>");
+ plainText.toHtmlEscaped() + QStringLiteral("</span>");
pt.replace('\n', QStringLiteral("<br/>"));
linkifyUrls(pt);
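Review bot: sanitized() strips only U+202D (LRO) and U+202E (RLO), so a display name can still carry the other directional formatting characters, namely the embeddings U+202A/U+202B and the isolates U+2066–U+2068, which also change the visual order of the text that follows them. If the intent is that a rendered name cannot be reordered to look like another user's, the whole range needs removing, for example `text.remove(QRegularExpression(QStringLiteral("[\\x{202A}-\\x{202E}\\x{2066}-\\x{2069}]")));`, assuming QRegularExpression is already available in util.cpp. The marks U+200E/U+200F appear in legitimate right-to-left names and are probably best left in place. prettyPrint's body continues outside the hunk.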
diff --git a/lib/util.h b/lib/util.h
index f7f646da..beb3c697 100644
--- a/lib/util.h
+++ b/lib/util.h
@@ -296,7 +296,12 @@ namespace QMatrixClient
return std::make_pair(last, sLast);
}
- /** Pretty-prints plain text into HTML
+ /** Sanitize the text before showing in HTML
+ * This does toHtmlEscaped() and removes Unicode BiDi marks.
+ */
+ QString sanitized(const QString& plainText);
+
+ /** Pretty-print plain text into HTML
* This includes HTML escaping of <,>,",& and URLs linkification.
*/
QString prettyPrint(const QString& plainText);
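Review bot: The doc comment added for sanitized() says it "does toHtmlEscaped()", but the definition added to lib/util.cpp in this same commit only removes U+202E and U+202D and returns the text otherwise unchanged. A caller who trusts the header could place MemberEventContent::displayName into rich text without escaping it, which would let markup in a display name through. The comment should state the actual contract, e.g. `/** Remove Unicode text direction override characters (U+202D, U+202E) from plain text` followed by ` * The result is NOT HTML-escaped; call toHtmlEscaped() before using it in rich text.` The enclosing namespace opens and closes outside the hunk.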