[Sugar-devel] [PATCH sugar v2] Escape all text passed to Palette.primary_text and .secondary_text

Sascha Silbe silbe at activitycentral.com
Mon Sep 19 15:23:20 EDT 2011


sugar.graphics.palette.Palette passes primary_text and secondary_text through
to GTK without escaping it, so we need to make sure it doesn't contain
anything special in user data (activity title, bundle_id, nick name, etc.) or
translations.

Signed-off-by: Sascha Silbe <silbe at activitycentral.com>
---
v1->v2: Rebased on mainline master, caught a few more occurences

 extensions/deviceicon/battery.py     |    5 ++-
 extensions/deviceicon/network.py     |   35 ++++++++++++++++++++-------------
 extensions/deviceicon/speaker.py     |    4 ++-
 extensions/deviceicon/touchpad.py    |    4 ++-
 src/jarabe/desktop/favoritesview.py  |    4 ++-
 src/jarabe/desktop/networkviews.py   |    6 +++-
 src/jarabe/frame/activitiestray.py   |   15 +++++++++----
 src/jarabe/frame/clipboardmenu.py    |    6 +++-
 src/jarabe/frame/zoomtoolbar.py      |    3 +-
 src/jarabe/journal/expandedentry.py  |    4 ++-
 src/jarabe/journal/palettes.py       |    5 ++-
 src/jarabe/journal/volumestoolbar.py |    6 +++-
 src/jarabe/view/buddymenu.py         |    7 ++++-
 src/jarabe/view/palettes.py          |   24 +++++++++++++++-------
 14 files changed, 84 insertions(+), 44 deletions(-)

diff --git a/extensions/deviceicon/battery.py b/extensions/deviceicon/battery.py
index 4c1ef37..260cb12 100644
--- a/extensions/deviceicon/battery.py
+++ b/extensions/deviceicon/battery.py
@@ -19,6 +19,7 @@
 import sys

 import gconf
+import glib
 import gobject
 import gtk
 import dbus
@@ -67,7 +68,7 @@ def __init__(self, battery):
         self.set_palette_invoker(FrameWidgetInvoker(self))

         self._model = DeviceModel(battery)
-        self.palette = BatteryPalette(_('My Battery'))
+        self.palette = BatteryPalette(glib.markup_escape_text(_('My Battery')))
         self.palette.set_group_id('frame')
         self._model.connect('updated',
                             self.__battery_status_changed_cb)
@@ -161,7 +162,7 @@ def _update_secondary(self):

         self.set_content(progress_widget)

-        self.props.secondary_text = secondary_text
+        self.props.secondary_text = glib.markup_escape_text(secondary_text)
         self._status_label.set_text(status_text)


diff --git a/extensions/deviceicon/network.py b/extensions/deviceicon/network.py
index cf8bd08..789ea13 100644
--- a/extensions/deviceicon/network.py
+++ b/extensions/deviceicon/network.py
@@ -109,11 +109,12 @@ def _padded(child, xalign=0, yalign=0.5):
         self.menu.append(self._disconnect_item)

     def set_connecting(self):
-        self.props.secondary_text = _('Connecting...')
+        label = glib.markup_escape_text(_('Connecting...'))
+        self.props.secondary_text = label

     def _set_connected(self, iaddress):
         self.set_content(self._info)
-        self.props.secondary_text = _('Connected')
+        self.props.secondary_text = glib.markup_escape_text(_('Connected'))
         self._set_ip_address(iaddress)
         self._disconnect_item.show()

@@ -155,7 +156,8 @@ class WiredPalette(Palette):
     __gtype_name__ = 'SugarWiredPalette'

     def __init__(self):
-        Palette.__init__(self, label=_('Wired Network'))
+        label = glib.markup_escape_text(_('Wired Network'))
+        Palette.__init__(self, primary_text=label)

         self._speed_label = gtk.Label()
         self._speed_label.props.xalign = 0.0
@@ -180,7 +182,7 @@ def _padded(child, xalign=0, yalign=0.5):
         self._info.show_all()

         self.set_content(self._info)
-        self.props.secondary_text = _('Connected')
+        self.props.secondary_text = glib.markup_escape_text(_('Connected'))

     def set_connected(self, speed, iaddress):
         self._speed_label.set_text('%s: %d Mb/s' % (_('Speed'), speed))
@@ -208,8 +210,8 @@ class GsmPalette(Palette):
     }

     def __init__(self):
-
-        Palette.__init__(self, label=_('Wireless modem'))
+        label = glib.markup_escape_text(_('Wireless modem'))
+        Palette.__init__(self, primary_text=label)

         self._current_state = None
         self._failed_connection = False
@@ -276,19 +278,22 @@ def update_state(self, state, reason=0):
     def _update_label_and_text(self, reason=0):
         if self._current_state == _GSM_STATE_NOT_READY:
             self._toggle_state_item.get_child().set_label('...')
-            self.props.secondary_text = _('Please wait...')
+            label = glib.markup_escape_text(_('Please wait...'))
+            self.props.secondary_text = label

         elif self._current_state == _GSM_STATE_DISCONNECTED:
             if not self._failed_connection:
                 self._toggle_state_item.get_child().set_label(_('Connect'))
-            self.props.secondary_text = _('Disconnected')
+            label = glib.markup_escape_text(_('Disconnected'))
+            self.props.secondary_text = label
             icon = Icon(icon_name='dialog-ok', \
                             icon_size=gtk.ICON_SIZE_MENU)
             self._toggle_state_item.set_image(icon)

         elif self._current_state == _GSM_STATE_CONNECTING:
             self._toggle_state_item.get_child().set_label(_('Cancel'))
-            self.props.secondary_text = _('Connecting...')
+            label = glib.markup_escape_text(_('Connecting...'))
+            self.props.secondary_text = label
             icon = Icon(icon_name='dialog-cancel', \
                             icon_size=gtk.ICON_SIZE_MENU)
             self._toggle_state_item.set_image(icon)
@@ -338,10 +343,11 @@ def add_alert(self, error, suggestion):

     def update_connection_time(self, connection_time=None):
         if connection_time is not None:
-            self.props.secondary_text = _('Connected for %s') % \
-                    connection_time.strftime('%H:%M:%S')
+            formatted_time = connection_time.strftime('%H:%M:%S')
         else:
-            self.props.secondary_text = _('Connected for %s') % '00:00:00'
+            formatted_time = '00:00:00'
+        text = _('Connected for %s') % (formatted_time, )
+        self.props.secondary_text = glib.markup_escape_text(text)

     def update_stats(self, in_bytes, out_bytes):
         in_KBytes = in_bytes / 1024
@@ -603,7 +609,8 @@ def __init__(self, device, state):
         self._icon.show()

         self.set_palette_invoker(FrameWidgetInvoker(self))
-        self._palette = WirelessPalette(_('Mesh Network'))
+        title = _('Mesh Network')
+        self._palette = WirelessPalette(glib.markup_escape_text(title))
         self._palette.connect('deactivate-connection',
                               self.__deactivate_connection)
         self.set_palette(self._palette)
@@ -646,7 +653,7 @@ def __wireless_properties_changed_cb(self, properties):

     def _update_text(self):
         channel = str(self._channel)
-        text = _('Mesh Network %s') % glib.markup_escape_text(channel)
+        text = glib.markup_escape_text(_('Mesh Network %s') % (channel, ))
         self._palette.props.primary_text = text

     def _update(self):
diff --git a/extensions/deviceicon/speaker.py b/extensions/deviceicon/speaker.py
index d396bfb..d8b26be 100644
--- a/extensions/deviceicon/speaker.py
+++ b/extensions/deviceicon/speaker.py
@@ -17,6 +17,7 @@
 from gettext import gettext as _
 import gconf

+import glib
 import gobject
 import gtk

@@ -57,7 +58,8 @@ def __init__(self):
         self._update_info()

     def create_palette(self):
-        palette = SpeakerPalette(_('My Speakers'), model=self._model)
+        label = glib.markup_escape_text(_('My Speakers'))
+        palette = SpeakerPalette(label, model=self._model)
         palette.set_group_id('frame')
         return palette

diff --git a/extensions/deviceicon/touchpad.py b/extensions/deviceicon/touchpad.py
index b3b34f5..6773afc 100644
--- a/extensions/deviceicon/touchpad.py
+++ b/extensions/deviceicon/touchpad.py
@@ -20,6 +20,7 @@

 import gtk
 import gconf
+import glib

 import logging

@@ -64,7 +65,8 @@ def __init__(self):
     def create_palette(self):
         """ Create a palette for this icon; called by the Sugar framework
         when a palette needs to be displayed. """
-        self.palette = ResourcePalette(_('My touchpad'), self.icon)
+        label = glib.markup_escape_text(_('My touchpad'))
+        self.palette = ResourcePalette(label, self.icon)
         self.palette.set_group_id('frame')
         return self.palette

diff --git a/src/jarabe/desktop/favoritesview.py b/src/jarabe/desktop/favoritesview.py
index 1be7d76..132d14f 100644
--- a/src/jarabe/desktop/favoritesview.py
+++ b/src/jarabe/desktop/favoritesview.py
@@ -21,6 +21,7 @@

 import gobject
 import gconf
+import glib
 import gtk
 import hippo

@@ -543,7 +544,8 @@ def __init__(self, activity_info, journal_entries):
                                icon_size=gtk.ICON_SIZE_LARGE_TOOLBAR)

         if journal_entries:
-            self.props.secondary_text = journal_entries[0]['title']
+            title = journal_entries[0]['title']
+            self.props.secondary_text = glib.markup_escape_text(title)

             menu_items = []
             for entry in journal_entries:
diff --git a/src/jarabe/desktop/networkviews.py b/src/jarabe/desktop/networkviews.py
index 9948d3b..616f555 100644
--- a/src/jarabe/desktop/networkviews.py
+++ b/src/jarabe/desktop/networkviews.py
@@ -497,7 +497,8 @@ def _create_palette(self):
                 icon_name=self._ICON_NAME + str(self._channel),
                 icon_size=style.STANDARD_ICON_SIZE)

-        palette_ = palette.Palette(_('Ad-hoc Network %d') % self._channel,
+        text = _('Ad-hoc Network %d') % (self._channel, )
+        palette_ = palette.Palette(glib.markup_escape_text(text),
                                    icon=self._palette_icon)

         self._connect_item = MenuItem(_('Connect'), 'dialog-ok')
@@ -630,7 +631,8 @@ def __init__(self, mesh_mgr, channel):
         self.set_palette(self._palette)

     def _create_palette(self):
-        _palette = palette.Palette(_('Mesh Network %d') % self._channel)
+        text = _('Mesh Network %d') % (self._channel, )
+        _palette = palette.Palette(glib.markup_escape_text(text))

         self._connect_item = MenuItem(_('Connect'), 'dialog-ok')
         self._connect_item.connect('activate', self.__connect_activate_cb)
diff --git a/src/jarabe/frame/activitiestray.py b/src/jarabe/frame/activitiestray.py
index 2b5bf8d..1a59470 100644
--- a/src/jarabe/frame/activitiestray.py
+++ b/src/jarabe/frame/activitiestray.py
@@ -24,6 +24,7 @@
 import gobject
 import gconf
 import gio
+import glib
 import gtk

 from sugar.graphics import style
@@ -186,9 +187,11 @@ def __init__(self, invite):
         registry = bundleregistry.get_registry()
         self._bundle = registry.get_bundle(bundle_id)
         if self._bundle:
-            self.set_primary_text(self._bundle.get_name())
+            name = self._bundle.get_name()
         else:
-            self.set_primary_text(bundle_id)
+            name = bundle_id
+
+        self.set_primary_text(glib.markup_escape_text(name))

     def __join_activate_cb(self, menu_item):
         self._invite.join()
@@ -484,7 +487,7 @@ class BaseTransferPalette(Palette):
     }

     def __init__(self, file_transfer):
-        Palette.__init__(self, file_transfer.title)
+        Palette.__init__(self, glib.markup_escape_text(file_transfer.title))

         self.file_transfer = file_transfer

@@ -547,7 +550,8 @@ def __init__(self, file_transfer):
         self.file_transfer.connect('notify::state', self.__notify_state_cb)

         nick = str(self.file_transfer.buddy.props.nick)
-        self.props.secondary_text = _('Transfer from %s') % (nick,)
+        label = glib.markup_escape_text(_('Transfer from %s') % (nick,))
+        self.props.secondary_text = label

         self._update()

@@ -678,7 +682,8 @@ def __init__(self, file_transfer):
         self.file_transfer.connect('notify::state', self.__notify_state_cb)

         nick = str(file_transfer.buddy.props.nick)
-        self.props.secondary_text = _('Transfer to %s') % (nick,)
+        label = glib.markup_escape_text(_('Transfer to %s') % (nick,))
+        self.props.secondary_text = label

         self._update()

diff --git a/src/jarabe/frame/clipboardmenu.py b/src/jarabe/frame/clipboardmenu.py
index 1d22d8e..4c077d9 100644
--- a/src/jarabe/frame/clipboardmenu.py
+++ b/src/jarabe/frame/clipboardmenu.py
@@ -20,6 +20,7 @@
 import os
 import logging
 import gconf
+import glib

 import gtk

@@ -162,10 +163,11 @@ def _object_state_changed_cb(self, cb_service, cb_object):
         self._update()

     def _update(self):
-        self.props.primary_text = self._cb_object.get_name()
+        name = self._cb_object.get_name()
+        self.props.primary_text = glib.markup_escape_text(name)
         preview = self._cb_object.get_preview()
         if preview:
-            self.props.secondary_text = preview
+            self.props.secondary_text = glib.markup_escape_text(preview)
         self._update_progress_bar()
         self._update_items_visibility()
         self._update_open_submenu()
diff --git a/src/jarabe/frame/zoomtoolbar.py b/src/jarabe/frame/zoomtoolbar.py
index 6c10c61..2effea2 100644
--- a/src/jarabe/frame/zoomtoolbar.py
+++ b/src/jarabe/frame/zoomtoolbar.py
@@ -18,6 +18,7 @@
 from gettext import gettext as _
 import logging

+import glib
 import gtk

 from sugar.graphics.palette import Palette
@@ -59,7 +60,7 @@ def _add_button(self, icon_name, label, accelerator, zoom_level):
         self.add(button)
         button.show()

-        palette = Palette(label)
+        palette = Palette(glib.markup_escape_text(label))
         palette.props.invoker = FrameWidgetInvoker(button)
         palette.set_group_id('frame')
         button.set_palette(palette)
diff --git a/src/jarabe/journal/expandedentry.py b/src/jarabe/journal/expandedentry.py
index 476156a..4e99dc2 100644
--- a/src/jarabe/journal/expandedentry.py
+++ b/src/jarabe/journal/expandedentry.py
@@ -23,6 +23,7 @@
 import hippo
 import cairo
 import gobject
+import glib
 import gtk
 import simplejson

@@ -386,7 +387,8 @@ def _update_entry(self, needs_update=False):
         old_title = self._metadata.get('title', None)
         new_title = self._title.props.widget.props.text
         if old_title != new_title:
-            self._icon.palette.props.primary_text = new_title
+            label = glib.markup_escape_text(new_title)
+            self._icon.palette.props.primary_text = label
             self._metadata['title'] = new_title
             self._metadata['title_set_by_user'] = '1'
             needs_update = True
diff --git a/src/jarabe/journal/palettes.py b/src/jarabe/journal/palettes.py
index 0812475..8fc1e5d 100644
--- a/src/jarabe/journal/palettes.py
+++ b/src/jarabe/journal/palettes.py
@@ -22,6 +22,7 @@
 import gtk
 import gconf
 import gio
+import glib

 from sugar.graphics import style
 from sugar.graphics.palette import Palette
@@ -60,7 +61,7 @@ def __init__(self, metadata, detail=False):
         if 'title' in metadata:
             title = gobject.markup_escape_text(metadata['title'])
         else:
-            title = _('Untitled')
+            title = glib.markup_escape_text(_('Untitled'))

         Palette.__init__(self, primary_text=title,
                          icon=activity_icon)
@@ -376,7 +377,7 @@ def __init__(self, buddy):
                           icon_size=style.STANDARD_ICON_SIZE,
                           xo_color=XoColor(colors))

-        Palette.__init__(self, primary_text=nick,
+        Palette.__init__(self, primary_text=glib.markup_escape_text(nick),
                          icon=buddy_icon)

         # TODO: Support actions on buddies, like make friend, invite, etc.
diff --git a/src/jarabe/journal/volumestoolbar.py b/src/jarabe/journal/volumestoolbar.py
index 77bb955..71b6ea8 100644
--- a/src/jarabe/journal/volumestoolbar.py
+++ b/src/jarabe/journal/volumestoolbar.py
@@ -21,6 +21,7 @@

 import gobject
 import gio
+import glib
 import gtk
 import gconf
 import cPickle
@@ -205,7 +206,8 @@ def _set_up_documents_button(self):
         if documents_path is not None:
             button = DocumentsButton(documents_path)
             button.props.group = self._volume_buttons[0]
-            button.set_palette(Palette(_('Documents')))
+            label = glib.markup_escape_text(_('Documents'))
+            button.set_palette(Palette(label))
             button.connect('toggled', self._button_toggled_cb)
             button.show()

@@ -363,7 +365,7 @@ def create_palette(self):
 class JournalButtonPalette(Palette):

     def __init__(self, mount):
-        Palette.__init__(self, _('Journal'))
+        Palette.__init__(self, glib.markup_escape_text(_('Journal')))
         vbox = gtk.VBox()
         self.set_content(vbox)
         vbox.show()
diff --git a/src/jarabe/view/buddymenu.py b/src/jarabe/view/buddymenu.py
index f824e70..de5a772 100644
--- a/src/jarabe/view/buddymenu.py
+++ b/src/jarabe/view/buddymenu.py
@@ -20,6 +20,7 @@

 import gtk
 import gconf
+import glib
 import dbus

 from sugar.graphics.palette import Palette
@@ -40,7 +41,9 @@ def __init__(self, buddy):
         buddy_icon = Icon(icon_name='computer-xo',
                           xo_color=buddy.get_color(),
                           icon_size=gtk.ICON_SIZE_LARGE_TOOLBAR)
-        Palette.__init__(self, None, primary_text=buddy.get_nick(),
+        nick = buddy.get_nick()
+        Palette.__init__(self, None,
+                         primary_text=glib.markup_escape_text(nick),
                          icon=buddy_icon)
         self._invite_menu = None
         self._active_activity_changed_hid = None
@@ -149,7 +152,7 @@ def _cur_activity_changed_cb(self, home_model, activity_model):
         self._update_invite_menu(activity_model)

     def __buddy_notify_nick_cb(self, buddy, pspec):
-        self.set_primary_text(buddy.props.nick)
+        self.set_primary_text(glib.markup_escape_text(buddy.props.nick))

     def _make_friend_cb(self, menuitem):
         friends.get_model().make_friend(self._buddy)
diff --git a/src/jarabe/view/palettes.py b/src/jarabe/view/palettes.py
index a13be46..3195c0c 100644
--- a/src/jarabe/view/palettes.py
+++ b/src/jarabe/view/palettes.py
@@ -20,6 +20,7 @@
 import logging

 import gconf
+import glib
 import gtk

 from sugar import env
@@ -44,7 +45,7 @@ def __init__(self, home_activity):
         if home_activity.props.launch_status == shell.Activity.LAUNCHING:
             self._notify_launch_hid = home_activity.connect( \
                     'notify::launch-status', self.__notify_launch_status_cb)
-            self.set_primary_text(_('Starting...'))
+            self.set_primary_text(glib.markup_escape_text(_('Starting...')))
         elif home_activity.props.launch_status == shell.Activity.LAUNCH_FAILED:
             self._on_failed_launch()
         else:
@@ -54,7 +55,8 @@ def setup_palette(self):
         raise NotImplementedError

     def _on_failed_launch(self):
-        self.set_primary_text(_('Activity failed to start'))
+        message = _('Activity failed to start')
+        self.set_primary_text(glib.markup_escape_text(message))

     def __notify_launch_status_cb(self, home_activity, pspec):
         home_activity.disconnect(self._notify_launch_hid)
@@ -71,10 +73,13 @@ def __init__(self, home_activity):
         BasePalette.__init__(self, home_activity)

     def setup_palette(self):
-        self.props.primary_text = self._home_activity.get_activity_name()
+        activity_name = self._home_activity.get_activity_name()
+        if activity_name:
+            self.props.primary_text = glib.markup_escape_text(activity_name)

-        if self._home_activity.get_title() != self.props.primary_text:
-            self.props.secondary_text = self._home_activity.get_title()
+        title = self._home_activity.get_title()
+        if title and title != activity_name:
+            self.props.secondary_text = glib.markup_escape_text(title)

         menu_item = MenuItem(_('Resume'), 'activity-start')
         menu_item.connect('activate', self.__resume_activate_cb)
@@ -125,7 +130,8 @@ def __init__(self, activity_info):
                              xo_color=color,
                              icon_size=gtk.ICON_SIZE_LARGE_TOOLBAR)

-        Palette.__init__(self, primary_text=activity_info.get_name(),
+        name = activity_info.get_name()
+        Palette.__init__(self, primary_text=glib.markup_escape_text(name),
                          icon=activity_icon)

         xo_color = XoColor('%s,%s' % (style.COLOR_WHITE.get_svg(),
@@ -153,7 +159,8 @@ def __init__(self, home_activity):
         BasePalette.__init__(self, home_activity)

     def setup_palette(self):
-        self.set_primary_text(self._home_activity.get_title())
+        title = self._home_activity.get_title()
+        self.set_primary_text(glib.markup_escape_text(title))

         vbox = gtk.VBox()
         self.set_content(vbox)
@@ -201,7 +208,8 @@ def __init__(self, mount):
         Palette.__init__(self, label=mount.get_name())
         self._mount = mount

-        self.props.secondary_text = mount.get_root().get_path()
+        path = mount.get_root().get_path()
+        self.props.secondary_text = glib.markup_escape_text(path)

         vbox = gtk.VBox()
         self.set_content(vbox)
--
1.7.6



More information about the Sugar-devel mailing list