Bug 111848

Summary: HTML code is not escaped to be shown by knotify
Product: [Applications] konversation Reporter: Candid Dauth <cdauth+bugs.kde.org>
Component: generalAssignee: Konversation Developers <konversation-devel>
Status: RESOLVED FIXED    
Severity: normal    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Candid Dauth 2005-08-31 23:25:32 UTC 
Version:            (using KDE KDE 3.4.2)
Installed from:    Compiled From Sources
OS:                Linux

I get notified by knotify through a passive window at new incoming messages in Konversation. knotify expects HTML code as text so that applications can format the text there (bold/italic, for example).

Well, Konversation gives unescaped text of the incoming message to knotify and does not encode “&” as “&amp;” and so on.
So, when somebody writes “<test>” in the chat, the passive window doesn’t show that. When someone writes “<b>test</b>”, it appears as bold “test” in the passive window. And when they send “&ndash;”, the passive window displays “–”.

Konversation should escape “&” to “&amp;”, “<” to “&lt;”, “>” to “&gt;”, and — optionally — “"” to “&quot;”, when giving a received message to knotify.
Comment 1 Peter Simonsson 2006-01-26 21:27:20 UTC 
Fixed in trunk, will be in 0.19