From 55180e3598a77e5791316cb878d843583662cb4f Mon Sep 17 00:00:00 2001 From: Chocobo1 Date: Sun, 15 Sep 2019 14:30:58 +0800 Subject: [PATCH 1/2] Remove redundant HTML escaping The text widget is already set to plaintext and doing HTML escaping will not give us more security but only makes it harder to read. --- src/gui/properties/propertieswidget.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/gui/properties/propertieswidget.cpp b/src/gui/properties/propertieswidget.cpp index e3b4f1767..e0245d3b2 100644 --- a/src/gui/properties/propertieswidget.cpp +++ b/src/gui/properties/propertieswidget.cpp @@ -333,7 +333,7 @@ void PropertiesWidget::loadTorrentInfos(BitTorrent::TorrentHandle *const torrent // URL seeds loadUrlSeeds(); - m_ui->labelCreatedByVal->setText(m_torrent->creator().toHtmlEscaped()); + m_ui->labelCreatedByVal->setText(m_torrent->creator()); // List files in torrent m_propListModel->model()->setupModelData(m_torrent->info()); From 617bf767df6b56094cebea9e038305a2af1b74c0 Mon Sep 17 00:00:00 2001 From: Chocobo1 Date: Sun, 15 Sep 2019 14:35:02 +0800 Subject: [PATCH 2/2] Escape HTML in comment field --- src/gui/addnewtorrentdialog.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/gui/addnewtorrentdialog.cpp b/src/gui/addnewtorrentdialog.cpp index 87754575e..5034676e1 100644 --- a/src/gui/addnewtorrentdialog.cpp +++ b/src/gui/addnewtorrentdialog.cpp @@ -606,7 +606,7 @@ void AddNewTorrentDialog::setupTreeview() setWindowTitle(m_torrentInfo.name()); // Set torrent information - m_ui->labelCommentData->setText(Utils::Misc::parseHtmlLinks(m_torrentInfo.comment())); + m_ui->labelCommentData->setText(Utils::Misc::parseHtmlLinks(m_torrentInfo.comment().toHtmlEscaped())); m_ui->labelDateData->setText(!m_torrentInfo.creationDate().isNull() ? m_torrentInfo.creationDate().toString(Qt::DefaultLocaleShortDate) : tr("Not available")); // Prepare content tree