From 6577320f8653fbd99a100a844d7b42a46da5f45a Mon Sep 17 00:00:00 2001
From: Kitsune Ral <Kitsune-Ral@users.sf.net>
Date: Sun, 17 Mar 2019 09:03:34 +0900
Subject: RoomMemberEvent: sanitize user display names

MemberEventContent::displayName() will strip away Unicode text direction override characters. Direct access to JSON can still provide "raw" data.
---
 lib/util.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'lib/util.cpp')

diff --git a/lib/util.cpp b/lib/util.cpp
index d042aa34..2744d45f 100644
--- a/lib/util.cpp
+++ b/lib/util.cpp
@@ -63,10 +63,18 @@ static void linkifyUrls(QString& htmlEscapedText)
                  QStringLiteral(R"(\1<a href="https://matrix.to/#/\2">\2</a>)"));
 }
 
+QString QMatrixClient::sanitized(const QString& plainText)
+{
+    auto text = plainText;
+    text.remove(QChar(0x202e));
+    text.remove(QChar(0x202d));
+    return text.toHtmlEscaped();
+}
+
 QString QMatrixClient::prettyPrint(const QString& plainText)
 {
     auto pt = QStringLiteral("<span style='white-space:pre-wrap'>") +
-            plainText.toHtmlEscaped() + QStringLiteral("</span>");
+            sanitized(plainText).toHtmlEscaped() + QStringLiteral("</span>");
     pt.replace('\n', QStringLiteral("<br/>"));
 
     linkifyUrls(pt);
-- 
cgit v1.2.3