Properly HTML-escape strings with user-defined contents in message boxes (#247)

* Properly HTML-escape strings with user-defined contents in message boxes, resolves #236 * Also escape group names in EditWidget title
2025-04-05 21:47:38 +03:00 · 2017-02-06 20:23:51 +01:00 · 2017-02-06 20:23:51 +01:00 · 75eb0c6951
commit 75eb0c6951
parent 7e4592c1e7
4 changed files with 11 additions and 9 deletions
--- a/src/gui/DatabaseTabWidget.cpp
+++ b/src/gui/DatabaseTabWidget.cpp
@ -246,7 +246,7 @@ bool DatabaseTabWidget::closeDatabase(Database* db)
        QMessageBox::StandardButton result =
            MessageBox::question(
            this, tr("Close?"),
-            tr("\"%1\" is in edit mode.\nDiscard changes and close anyway?").arg(dbName),
+            tr("\"%1\" is in edit mode.\nDiscard changes and close anyway?").arg(dbName.toHtmlEscaped()),
            QMessageBox::Discard | QMessageBox::Cancel, QMessageBox::Cancel);
        if (result == QMessageBox::Cancel) {
            return false;
@ -262,7 +262,7 @@ bool DatabaseTabWidget::closeDatabase(Database* db)
            QMessageBox::StandardButton result =
                MessageBox::question(
                this, tr("Save changes?"),
-                tr("\"%1\" was modified.\nSave changes?").arg(dbName),
+                tr("\"%1\" was modified.\nSave changes?").arg(dbName.toHtmlEscaped()),
                QMessageBox::Yes | QMessageBox::Discard | QMessageBox::Cancel, QMessageBox::Yes);
            if (result == QMessageBox::Yes) {
                if (!saveDatabase(db)) {