forked from openlp/openlp
Use cgi.escape instead of simply replacing tags, also escaping & was missing.
parent
b48dda3c74
commit
185cc5487a
@ -28,6 +28,7 @@
|
|||||||
The :mod:`maindisplay` module provides the functionality to display screens
|
The :mod:`maindisplay` module provides the functionality to display screens
|
||||||
and play multimedia within OpenLP.
|
and play multimedia within OpenLP.
|
||||||
"""
|
"""
|
||||||
|
import cgi
|
||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
@ -239,15 +240,13 @@ class MainDisplay(Display):
|
|||||||
if self.height() != self.screen[u'size'].height() or \
|
if self.height() != self.screen[u'size'].height() or \
|
||||||
not self.isVisible():
|
not self.isVisible():
|
||||||
shrink = True
|
shrink = True
|
||||||
js = u'show_alert("%s", "%s")' % (
|
js = u'show_alert("%s", "%s")' % (cgi.escape(
|
||||||
text.replace(u'\\', u'\\\\').replace(u'\"', u'\\\"')
|
text.replace(u'\\', u'\\\\').replace(u'\"', u'\\\"')),
|
||||||
.replace(u'<', u'<').replace(u'>', u'>'),
|
|
||||||
u'top')
|
u'top')
|
||||||
else:
|
else:
|
||||||
shrink = False
|
shrink = False
|
||||||
js = u'show_alert("%s", "")' % (
|
js = u'show_alert("%s", "")' % (cgi.escape(
|
||||||
text.replace(u'\\', u'\\\\').replace(u'\"', u'\\\"')
|
text.replace(u'\\', u'\\\\').replace(u'\"', u'\\\"')))
|
||||||
.replace(u'<', u'<').replace(u'>', u'>'))
|
|
||||||
height = self.frame.evaluateJavaScript(js)
|
height = self.frame.evaluateJavaScript(js)
|
||||||
if shrink:
|
if shrink:
|
||||||
if text:
|
if text:
|
||||||
|
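Review bot: Both `js = u'show_alert(...)'` assignments still make the alert text JavaScript-safe by hand, and the two `.replace()` calls cover only the backslash and the double quote. A line feed or carriage return in `text` would still terminate the string literal passed to `evaluateJavaScript`, so at minimum the alert would fail to render; how much further that matters depends on where `text` comes from, which is not visible in this hunk. I would build the literal once above the `if` with a real serializer, `alert = json.dumps(cgi.escape(text))`, and then use `js = u'show_alert(%s, "top")' % alert` and `js = u'show_alert(%s, "")' % alert`, with `import json` added next to the new `import cgi`. This also removes the duplicated escape expression from the two branches. The enclosing method starts and ends outside the hunk, so confirm that `text` is not already normalised earlier in it.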