[geary] Encode Content-ID before inserting into HTML

From: Jim Nelson <jnelson src gnome org>
To: commits-list gnome org
Cc:
Subject: [geary] Encode Content-ID before inserting into HTML
Date: Tue, 12 Aug 2014 21:38:38 +0000 (UTC)

commit 64fdb80f4bff786d1a17d63ea6ea6fc7d09608c4
Author: Jim Nelson <jim yorba org>
Date:   Mon Aug 4 13:16:23 2014 -0700

    Encode Content-ID before inserting into HTML
    
    Also, watch for null when fetching node from the DOM.

 .../conversation-viewer/conversation-viewer.vala   |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)
---
diff --git a/src/client/conversation-viewer/conversation-viewer.vala 
b/src/client/conversation-viewer/conversation-viewer.vala
index 4630eeb..4f9a9e8 100644
--- a/src/client/conversation-viewer/conversation-viewer.vala
+++ b/src/client/conversation-viewer/conversation-viewer.vala
@@ -772,10 +772,12 @@ public class ConversationViewer : Gtk.Box {
             debug("Unable to load and rotate image %s for display: %s", filename, err.message);
         }
         
+        string? escaped_content_id = (content_id != null) ? Geary.HTML.escape_markup(content_id) : null;
+        
         return "<img alt=\"%s\" class=\"%s %s\" src=\"%s\" %s />".printf(
             filename, DATA_IMAGE_CLASS, REPLACED_IMAGE_CLASS,
             assemble_data_uri(content_type.get_mime_type(), rotated_image),
-            content_id != null ? @"cid=\"$content_id\"" : "");
+            escaped_content_id != null ? @"cid=\"$escaped_content_id\"" : "");
     }
     
     // Called by Gdk.PixbufLoader when the image's size has been determined but not loaded yet ...
@@ -1743,8 +1745,9 @@ public class ConversationViewer : Gtk.Box {
             // Remove any inline images that were referenced through Content-ID
             foreach (string cid in inlined_content_ids) {
                 try {
-                    WebKit.DOM.Element img = container.query_selector(@"[cid='$cid']");
-                    img.parent_element.remove_child(img);
+                    WebKit.DOM.Element? img = container.query_selector(@"[cid='$cid']");
+                    if (img != null)
+                        img.parent_element.remove_child(img);
                 } catch (Error error) {
                     // expected if no such element
                 }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]