Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 366953

Summary:	Content assist provider input needs to be escaped
Product:	[ECD] Orion	Reporter:	John Arthorne <john.arthorne>
Component:	Client	Assignee:	John Arthorne <john.arthorne>
Status:	RESOLVED FIXED	QA Contact:
Severity:	normal
Priority:	P3	CC:	mamacdon
Version:	0.4
Target Milestone:	0.4 M2
Hardware:	PC
OS:	Windows 7
Whiteboard:

Description John Arthorne

2011-12-16 11:08:50 EST

0.4 M1

Any string provided by a content assist plugin simply gets inserted into a div.innerHTML. For example if I have a provider like this:

	getKeywords: function(prefix, buffer, selection) {
		return [ "<b>Gotcha!</b>" ];
	}

Then the content assist proposal appears in bold. This input should be escaped.

Comment 1 John Arthorne

2011-12-16 11:31:25 EST

http://git.eclipse.org/c/orion/org.eclipse.orion.client.git/commit/?id=47b0e17eb9884e45178f8fd235861358d1fe0fd1

Mark, can you just double-check that this is matches our general approach for user input. Is there anything more than this needed?

Comment 2 Mark Macdonald

2011-12-19 09:24:25 EST

(In reply to comment #1)
> http://git.eclipse.org/c/orion/org.eclipse.orion.client.git/commit/?id=47b0e17eb9884e45178f8fd235861358d1fe0fd1
> 
> Mark, can you just double-check that this is matches our general approach for
> user input. Is there anything more than this needed?

Nope, this is fine.