Not doing so can lead to nasty HTML injection from hostile users.
https://bugzilla.gnome.org/show_bug.cgi?id=662035
EmpathyContact *sender;
TpMessage *tp_msg;
TpAccount *account;
EmpathyContact *sender;
TpMessage *tp_msg;
TpAccount *account;
+ gchar *body_escaped, *name_escaped;
const gchar *name;
const gchar *contact_id;
EmpathyAvatar *avatar;
const gchar *name;
const gchar *contact_id;
EmpathyAvatar *avatar;
+ name_escaped = g_markup_escape_text (name, -1);
+
theme_adium_append_html (theme, func, html, body_escaped,
theme_adium_append_html (theme, func, html, body_escaped,
- avatar_filename, name, contact_id,
+ avatar_filename, name_escaped, contact_id,
service_name, message_classes->str,
timestamp, is_backlog, empathy_contact_is_user (sender));
service_name, message_classes->str,
timestamp, is_backlog, empathy_contact_is_user (sender));
priv->last_is_backlog = is_backlog;
g_free (body_escaped);
priv->last_is_backlog = is_backlog;
g_free (body_escaped);
g_string_free (message_classes, TRUE);
}
g_string_free (message_classes, TRUE);
}