[Sugar-devel] [PATCH sugar 0/2] Escape user data and translations in markup

Sascha Silbe silbe at activitycentral.com
Sun Jun 26 14:06:06 EDT 2011


While chasing down a similar bug in the Clock Frame device, I noticed that
we're lacking the necessary escaping in most of Sugar. See SL#2099 for an
example of what can happen if we don't.

This patch series only covers Palette primary/secondary text and MenuItem
labels. There's a good chance text passed to other widgets needs to be escaped
as well.

Sascha Silbe (2):
  Escape all text passed to Palette.primary_text and .secondary_text
  Escape all text passed to MenuItem.text_label

 extensions/deviceicon/network.py     |    5 ++-
 src/jarabe/desktop/activitieslist.py |    4 ++-
 src/jarabe/desktop/favoritesview.py  |   16 +++++++----
 src/jarabe/desktop/meshbox.py        |    6 +++-
 src/jarabe/desktop/networkviews.py   |   15 +++++++----
 src/jarabe/frame/activitiestray.py   |   38 +++++++++++++++++++----------
 src/jarabe/frame/clipboardmenu.py    |   17 ++++++++----
 src/jarabe/journal/journaltoolbox.py |   11 +++++---
 src/jarabe/journal/palettes.py       |   45 ++++++++++++++++++++-------------
 src/jarabe/view/buddymenu.py         |    7 ++++-
 src/jarabe/view/palettes.py          |   25 ++++++++++++-------
 src/jarabe/view/viewsource.py        |    3 +-
 12 files changed, 123 insertions(+), 69 deletions(-)

--
1.7.2.5



More information about the Sugar-devel mailing list