Bug 366953

Summary: Content assist provider input needs to be escaped
Product: [ECD] Orion
Reporter: John Arthorne <john.arthorne>
Component: Client
Assignee: John Arthorne <john.arthorne>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: P3
CC: mamacdon
Version: 0.4
Target Milestone: 0.4 M2
Hardware: PC
OS: Windows 7
Whiteboard:

Description John Arthorne CLA 2011-12-16 11:08:50 EST
0.4 M1

Any string provided by a content assist plugin simply gets inserted into a div.innerHTML. For example, if I have a provider like this:

	getKeywords: function(prefix, buffer, selection) {
		return [ "<b>Gotcha!</b>" ];
	}

Then the content assist proposal appears in bold. This input should be escaped.
Comment 1 John Arthorne CLA 2011-12-16 11:31:25 EST
http://git.eclipse.org/c/orion/org.eclipse.orion.client.git/commit/?id=47b0e17eb9884e45178f8fd235861358d1fe0fd1

Mark, can you just double-check that this matches our general approach for user input? Is there anything more than this needed?
Comment 2 Mark Macdonald CLA 2011-12-19 09:24:25 EST
(In reply to comment #1)
> http://git.eclipse.org/c/orion/org.eclipse.orion.client.git/commit/?id=47b0e17eb9884e45178f8fd235861358d1fe0fd1
> 
> Mark, can you just double-check that this matches our general approach for
> user input? Is there anything more than this needed?

Nope, this is fine.
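
The escaping the description asks for, as an added example that is not Orion's code and not the linked commit. The function names, the wrapper markup and the two extra sample strings are assumptions constructed for illustration; only the `getKeywords` signature and the `<b>Gotcha!</b>` string come from the report.

```javascript
// Added example, not Orion's code. All names below except getKeywords are hypothetical.

// Characters that change meaning in HTML text and quoted-attribute contexts.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape a provider-supplied value; String() also covers numbers, null, undefined.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Behaviour described in the report: provider strings are concatenated into
// markup that is later assigned to div.innerHTML, so they are parsed as HTML.
function renderProposalsUnsafe(proposals) {
  return proposals.map((p) => '<div class="proposal">' + p + "</div>").join("");
}

// Hardened form: every provider string is escaped before it reaches markup.
// In a browser, setting textContent on each proposal node is an alternative.
function renderProposalsEscaped(proposals) {
  return proposals.map((p) => '<div class="proposal">' + escapeHtml(p) + "</div>").join("");
}

// Regression check: the rendered markup must contain exactly one opening and
// one closing wrapper tag per proposal, and no tag contributed by a provider.
function onlyWrapperTags(html, proposalCount) {
  const tags = html.match(/<[^>]*>/g) || [];
  return tags.length === 2 * proposalCount;
}

// Provider shaped like the one in the report; the second and third strings
// are constructed here to exercise '&' and '"'.
const provider = {
  getKeywords: function (prefix, buffer, selection) {
    return ["<b>Gotcha!</b>", "a && b", 'say "hi"'];
  },
};

const keywords = provider.getKeywords("", "", null);
console.log(renderProposalsUnsafe(keywords));
console.log(renderProposalsEscaped(keywords));
console.log(onlyWrapperTags(renderProposalsUnsafe(keywords), keywords.length));
console.log(onlyWrapperTags(renderProposalsEscaped(keywords), keywords.length));
```

The `onlyWrapperTags` check is the part worth keeping as a unit test around any renderer that accepts plugin output: it fails as soon as a provider string is parsed as markup.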