366953 – Content assist provider input needs to be escaped

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 366953 - Content assist provider input needs to be escaped

Summary: Content assist provider input needs to be escaped

Status:	RESOLVED FIXED

Alias:	None

Product:	Orion
Classification:	ECD
Component:	Client (show other bugs)
Version:	0.4
Hardware:	PC Windows 7

Importance:	P3 normal (vote)
Target Milestone:	0.4 M2
Assignee:	John Arthorne
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-12-16 11:08 EST by John Arthorne
Modified:	2011-12-19 09:24 EST (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Arthorne

2011-12-16 11:08:50 EST

0.4 M1

Any string provided by a content assist plugin simply gets inserted into a div.innerHTML. For example if I have a provider like this:

	getKeywords: function(prefix, buffer, selection) {
		return [ "<b>Gotcha!</b>" ];
	}

Then the content assist proposal appears in bold. This input should be escaped.

Comment 1 John Arthorne

2011-12-16 11:31:25 EST

http://git.eclipse.org/c/orion/org.eclipse.orion.client.git/commit/?id=47b0e17eb9884e45178f8fd235861358d1fe0fd1

Mark, can you just double-check that this is matches our general approach for user input. Is there anything more than this needed?

Comment 2 Mark Macdonald

2011-12-19 09:24:25 EST

(In reply to comment #1)
> http://git.eclipse.org/c/orion/org.eclipse.orion.client.git/commit/?id=47b0e17eb9884e45178f8fd235861358d1fe0fd1
> 
> Mark, can you just double-check that this is matches our general approach for
> user input. Is there anything more than this needed?

Nope, this is fine.