Bug 900552 Ensure attachment names are escaped. r=Neil,a=Standard8
--- a/mailnews/mime/emitters/src/nsMimeBaseEmitter.cpp
+++ b/mailnews/mime/emitters/src/nsMimeBaseEmitter.cpp
@@ -888,17 +888,19 @@ nsMimeBaseEmitter::WriteHeaderFieldHTMLP
( (mFormat == nsMimeOutput::nsMimeMessagePrintOutput) && (mFirstHeaders) )
)
/* DO NOTHING */ ; // rhp: Do nothing...leaving the conditional like this so its
// easier to see the logic of what is going on.
else {
mHTMLHeaders.Append("<br><fieldset class=\"mimeAttachmentHeader\">");
if (!name.IsEmpty()) {
mHTMLHeaders.Append("<legend class=\"mimeAttachmentHeaderName\">");
- mHTMLHeaders.Append(name);
+ nsCString escapedName;
+ escapedName.Adopt(MsgEscapeHTML(nsCString(name).get()));
+ mHTMLHeaders.Append(escapedName);
mHTMLHeaders.Append("</legend>");
}
mHTMLHeaders.Append("</fieldset>");
}
mFirstHeaders = false;
return NS_OK;
}
--- a/mailnews/mime/emitters/src/nsMimeHtmlEmitter.cpp
+++ b/mailnews/mime/emitters/src/nsMimeHtmlEmitter.cpp
@@ -413,17 +413,19 @@ nsMimeHtmlDisplayEmitter::StartAttachmen
getter_AddRefs(bundle));
NS_ENSURE_SUCCESS(rv, rv);
nsString attachmentsHeader;
bundle->GetStringFromName(NS_LITERAL_STRING("attachmentsPrintHeader").get(),
getter_Copies(attachmentsHeader));
UtilityWrite("<legend class=\"mimeAttachmentHeaderName\">");
- UtilityWrite(NS_ConvertUTF16toUTF8(attachmentsHeader).get());
+ nsCString escapedName;
+ escapedName.Adopt(MsgEscapeHTML(NS_ConvertUTF16toUTF8(attachmentsHeader).get()));
+ UtilityWrite(escapedName.get());
UtilityWrite("</legend>");
}
UtilityWrite("</fieldset>");
UtilityWrite("<div class=\"mimeAttachmentWrap\">");
UtilityWrite("<table class=\"mimeAttachmentTable\">");
}
UtilityWrite("<tr>");
--- a/mailnews/mime/src/mimei.cpp
+++ b/mailnews/mime/src/mimei.cpp
@@ -1720,17 +1720,21 @@ MimeOptions_write(MimeDisplayOptions *op
if (lstatus < 0) return lstatus;
if (!name.IsEmpty()) {
sep = "<LEGEND CLASS=\"mimeAttachmentHeaderName\">";
lstatus = opt->output_fn(sep, strlen(sep), closure);
opt->state->separator_suppressed_p = false;
if (lstatus < 0) return lstatus;
- lstatus = opt->output_fn(name.get(), name.Length(), closure);
+ nsCString escapedName;
+ escapedName.Adopt(MsgEscapeHTML(name.get()));
+
+ lstatus = opt->output_fn(escapedName.get(),
+ escapedName.Length(), closure);
opt->state->separator_suppressed_p = false;
if (lstatus < 0) return lstatus;
sep = "</LEGEND>";
lstatus = opt->output_fn(sep, strlen(sep), closure);
opt->state->separator_suppressed_p = false;
if (lstatus < 0) return lstatus;
}