Bug 900552 Ensure attachment names are escaped. r=Neil,a=Standard8
authorMark Banner <bugzilla@standard8.plus.com>
Mon, 12 Aug 2013 20:12:40 +0100
changeset 13688 6294376dd781
parent 13687 7c9d47418119
child 13689 22c6a1b599ef
push id62
push userbugzilla@standard8.plus.com
push dateTue, 10 Sep 2013 11:01:10 +0000
reviewersNeil, Standard8
bugs900552
Bug 900552 Ensure attachment names are escaped. r=Neil,a=Standard8
mailnews/mime/emitters/src/nsMimeBaseEmitter.cpp
mailnews/mime/emitters/src/nsMimeHtmlEmitter.cpp
mailnews/mime/src/mimei.cpp
--- a/mailnews/mime/emitters/src/nsMimeBaseEmitter.cpp
+++ b/mailnews/mime/emitters/src/nsMimeBaseEmitter.cpp
@@ -888,17 +888,19 @@ nsMimeBaseEmitter::WriteHeaderFieldHTMLP
       ( (mFormat == nsMimeOutput::nsMimeMessagePrintOutput) && (mFirstHeaders) )
      )
      /* DO NOTHING */ ;   // rhp: Do nothing...leaving the conditional like this so its
                           //      easier to see the logic of what is going on.
   else {
     mHTMLHeaders.Append("<br><fieldset class=\"mimeAttachmentHeader\">");
     if (!name.IsEmpty()) {
       mHTMLHeaders.Append("<legend class=\"mimeAttachmentHeaderName\">");
-      mHTMLHeaders.Append(name);
+      nsCString escapedName;
+      escapedName.Adopt(MsgEscapeHTML(nsCString(name).get()));
+      mHTMLHeaders.Append(escapedName);
       mHTMLHeaders.Append("</legend>");
     }
     mHTMLHeaders.Append("</fieldset>");
   }
 
   mFirstHeaders = false;
   return NS_OK;
 }
--- a/mailnews/mime/emitters/src/nsMimeHtmlEmitter.cpp
+++ b/mailnews/mime/emitters/src/nsMimeHtmlEmitter.cpp
@@ -413,17 +413,19 @@ nsMimeHtmlDisplayEmitter::StartAttachmen
                                    getter_AddRefs(bundle));
       NS_ENSURE_SUCCESS(rv, rv);
 
       nsString attachmentsHeader;
       bundle->GetStringFromName(NS_LITERAL_STRING("attachmentsPrintHeader").get(),
                                 getter_Copies(attachmentsHeader)); 
 
       UtilityWrite("<legend class=\"mimeAttachmentHeaderName\">");
-      UtilityWrite(NS_ConvertUTF16toUTF8(attachmentsHeader).get());
+      nsCString escapedName;
+      escapedName.Adopt(MsgEscapeHTML(NS_ConvertUTF16toUTF8(attachmentsHeader).get()));
+      UtilityWrite(escapedName.get());
       UtilityWrite("</legend>");
     }
     UtilityWrite("</fieldset>");
     UtilityWrite("<div class=\"mimeAttachmentWrap\">");
     UtilityWrite("<table class=\"mimeAttachmentTable\">");
   }
 
   UtilityWrite("<tr>");
--- a/mailnews/mime/src/mimei.cpp
+++ b/mailnews/mime/src/mimei.cpp
@@ -1720,17 +1720,21 @@ MimeOptions_write(MimeDisplayOptions *op
       if (lstatus < 0) return lstatus;
 
       if (!name.IsEmpty()) {
           sep = "<LEGEND CLASS=\"mimeAttachmentHeaderName\">";
           lstatus = opt->output_fn(sep, strlen(sep), closure);
           opt->state->separator_suppressed_p = false;
           if (lstatus < 0) return lstatus;
 
-          lstatus = opt->output_fn(name.get(), name.Length(), closure);
+          nsCString escapedName;
+          escapedName.Adopt(MsgEscapeHTML(name.get()));
+
+          lstatus = opt->output_fn(escapedName.get(),
+                                   escapedName.Length(), closure);
           opt->state->separator_suppressed_p = false;
           if (lstatus < 0) return lstatus;
 
           sep = "</LEGEND>";
           lstatus = opt->output_fn(sep, strlen(sep), closure);
           opt->state->separator_suppressed_p = false;
           if (lstatus < 0) return lstatus;
       }