From 0d478de8e6d65518f01b726045b0f8f66751af04 Mon Sep 17 00:00:00 2001
From: Raul Metsma <raul@metsma.ee>
Date: Fri, 5 Apr 2024 15:05:14 +0300
Subject: [PATCH] Escape HTML chars

IB-8019

Signed-off-by: Raul Metsma <raul@metsma.ee>
---
 client/dialogs/SignatureDialog.cpp |  2 +-
 client/dialogs/SignatureDialog.ui  | 15 +++++++++++++++
 client/widgets/AddressItem.cpp     |  2 +-
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/client/dialogs/SignatureDialog.cpp b/client/dialogs/SignatureDialog.cpp
index 4a2b7c0e1..1bd30e53f 100644
--- a/client/dialogs/SignatureDialog.cpp
+++ b/client/dialogs/SignatureDialog.cpp
@@ -110,7 +110,7 @@ SignatureDialog::SignatureDialog(const DigiDocSignature &signature, QWidget *par
 		d->showErrors->show();
 
 	QString name = !c.isNull() ? c.toString(c.showCN() ? QStringLiteral("CN serialNumber") : QStringLiteral("GN SN serialNumber")) : s.signedBy();
-	d->title->setText(QStringLiteral("%1 | %2%3</font>").arg(name, style, status));
+	d->title->setText(QStringLiteral("%1 | %2%3</font>").arg(name.toHtmlEscaped(), style, status));
 	d->close->setFont(Styles::font(Styles::Condensed, 14));
 	connect(d->close, &QPushButton::clicked, this, &SignatureDialog::accept);
 
diff --git a/client/dialogs/SignatureDialog.ui b/client/dialogs/SignatureDialog.ui
index 39950c46c..86894f5e7 100644
--- a/client/dialogs/SignatureDialog.ui
+++ b/client/dialogs/SignatureDialog.ui
@@ -202,6 +202,9 @@ QScrollBar::sub-line:vertical {
              <height>31</height>
             </size>
            </property>
+           <property name="textFormat">
+            <enum>Qt::PlainText</enum>
+           </property>
            <property name="textInteractionFlags">
             <set>Qt::TextSelectableByKeyboard|Qt::TextSelectableByMouse</set>
            </property>
@@ -231,6 +234,9 @@ QScrollBar::sub-line:vertical {
              <height>31</height>
             </size>
            </property>
+           <property name="textFormat">
+            <enum>Qt::PlainText</enum>
+           </property>
            <property name="textInteractionFlags">
             <set>Qt::TextSelectableByKeyboard|Qt::TextSelectableByMouse</set>
            </property>
@@ -260,6 +266,9 @@ QScrollBar::sub-line:vertical {
              <height>31</height>
             </size>
            </property>
+           <property name="textFormat">
+            <enum>Qt::PlainText</enum>
+           </property>
            <property name="textInteractionFlags">
             <set>Qt::TextSelectableByKeyboard|Qt::TextSelectableByMouse</set>
            </property>
@@ -289,6 +298,9 @@ QScrollBar::sub-line:vertical {
              <height>31</height>
             </size>
            </property>
+           <property name="textFormat">
+            <enum>Qt::PlainText</enum>
+           </property>
            <property name="wordWrap">
             <bool>true</bool>
            </property>
@@ -327,6 +339,9 @@ QScrollBar::sub-line:vertical {
              <height>300</height>
             </size>
            </property>
+           <property name="textFormat">
+            <enum>Qt::PlainText</enum>
+           </property>
            <property name="wordWrap">
             <bool>true</bool>
            </property>
diff --git a/client/widgets/AddressItem.cpp b/client/widgets/AddressItem.cpp
index 08d231d3e..a7e937fcf 100644
--- a/client/widgets/AddressItem.cpp
+++ b/client/widgets/AddressItem.cpp
@@ -65,7 +65,7 @@ AddressItem::AddressItem(CKey k, QWidget *parent, bool showIcon)
 			ui->key.cert.subjectInfo("GN").join(' ') + " " + ui->key.cert.subjectInfo("SN").join(' ') :
 			ui->key.cert.subjectInfo("CN").join(' ')).toHtmlEscaped();
 	if(ui->label.isEmpty())
-		ui->label = ui->key.recipient;
+		ui->label = ui->key.recipient.toHtmlEscaped();
 	setIdType();
 	showButton(AddressItem::Remove);
 }