From a13238c236fbab867db726208adbce01a74bfe7f Mon Sep 17 00:00:00 2001
From: trigg <triggerhapp@gmail.com>
Date: Tue, 30 Jul 2024 09:46:00 +0100
Subject: [PATCH 1/3] panel: sanitize variables being sent to pango markup

---
 .../notifications/single-notification.cpp     |  4 ++--
 src/panel/widgets/tray/item.cpp               |  8 +++----
 src/util/gtk-utils.cpp                        | 21 +++++++++++++++++++
 src/util/gtk-utils.hpp                        |  3 +++
 4 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/src/panel/widgets/notifications/single-notification.cpp b/src/panel/widgets/notifications/single-notification.cpp
index 034a1e16..14eb27f9 100644
--- a/src/panel/widgets/notifications/single-notification.cpp
+++ b/src/panel/widgets/notifications/single-notification.cpp
@@ -111,11 +111,11 @@ WfSingleNotification::WfSingleNotification(const Notification & notification)
     text.set_line_wrap_mode(Pango::WRAP_CHAR);
     if (notification.body.empty())
     {
-        text.set_markup(notification.summary);
+        text.set_markup(sanitize_pango_markup(notification.summary));
     } else
     {
         // NOTE: that is not a really right way to implement FDN markup feature, but the easiest one.
-        text.set_markup("<b>" + notification.summary + "</b>" + "\n" + notification.body);
+        text.set_markup("<b>" + sanitize_pango_markup(notification.summary) + "</b>" + "\n" + sanitize_pango_markup(notification.body));
     }
 
     content.pack_start(text);
diff --git a/src/panel/widgets/tray/item.cpp b/src/panel/widgets/tray/item.cpp
index 98c5a1d3..2790c94b 100644
--- a/src/panel/widgets/tray/item.cpp
+++ b/src/panel/widgets/tray/item.cpp
@@ -185,10 +185,10 @@ void StatusNotifierItem::setup_tooltip()
             get_item_property<std::tuple<Glib::ustring, IconData, Glib::ustring, Glib::ustring>>("ToolTip");
 
         auto tooltip_label_text = !tooltip_text.empty() && !tooltip_title.empty() ?
-            "<b>" + tooltip_title + "</b>: " + tooltip_text :
-            !tooltip_title.empty() ? tooltip_title :
-            !tooltip_text.empty() ? tooltip_text :
-            get_item_property<Glib::ustring>("Title");
+            "<b>" + sanitize_pango_markup(tooltip_title) + "</b>: " + sanitize_pango_markup(tooltip_text) :
+            !tooltip_title.empty() ? sanitize_pango_markup(tooltip_title) :
+            !tooltip_text.empty() ? sanitize_pango_markup(tooltip_text) :
+            sanitize_pango_markup(get_item_property<Glib::ustring>("Title"));
 
         const auto pixbuf = extract_pixbuf(std::move(tooltip_icon_data));
 
diff --git a/src/util/gtk-utils.cpp b/src/util/gtk-utils.cpp
index ae8b9623..1c483346 100644
--- a/src/util/gtk-utils.cpp
+++ b/src/util/gtk-utils.cpp
@@ -115,3 +115,24 @@ void set_image_icon(Gtk::Image& image, std::string icon_name, int size,
 
     set_image_pixbuf(image, pbuff, scale);
 }
+
+std::string sanitize_pango_markup(std::string input){
+    replace_all(input, "&", "&amp;");
+    replace_all(input, "<", "&lt;");
+    replace_all(input, ">", "&gt;");
+    replace_all(input, "'", "&#39;");
+    replace_all(input, "\"", "&#34;");
+    return input;
+}
+
+void replace_all(std::string& haystack, const std::string from, const std::string to){
+    if (from.empty()){
+        return;
+    }
+
+    size_t pos = 0;
+    while ((pos = haystack.find(from, pos)) != std::string::npos) {
+        haystack.replace(pos, from.length(), to);
+        pos += to.length();
+    }
+}
\ No newline at end of file
diff --git a/src/util/gtk-utils.hpp b/src/util/gtk-utils.hpp
index e78d1b0c..37dc9f63 100644
--- a/src/util/gtk-utils.hpp
+++ b/src/util/gtk-utils.hpp
@@ -30,4 +30,7 @@ void set_image_icon(Gtk::Image& image, std::string icon_name, int size,
 
 void invert_pixbuf(Glib::RefPtr<Gdk::Pixbuf>& pbuff);
 
+std::string sanitize_pango_markup(const std::string input);
+void replace_all(std::string& haystack, const std::string from, const std::string to);
+
 #endif /* end of include guard: WF_GTK_UTILS */

From e5a3d3abfe5c610e3cd185659552585cf45814f1 Mon Sep 17 00:00:00 2001
From: trigg <triggerhapp@gmail.com>
Date: Tue, 30 Jul 2024 10:11:47 +0100
Subject: [PATCH 2/3] panel: prefer Glib helper function over brand new one

---
 .../notifications/single-notification.cpp     |  5 +++--
 src/panel/widgets/tray/item.cpp               | 10 +++++----
 src/util/gtk-utils.cpp                        | 21 -------------------
 src/util/gtk-utils.hpp                        |  3 ---
 4 files changed, 9 insertions(+), 30 deletions(-)

diff --git a/src/panel/widgets/notifications/single-notification.cpp b/src/panel/widgets/notifications/single-notification.cpp
index 14eb27f9..b188e21f 100644
--- a/src/panel/widgets/notifications/single-notification.cpp
+++ b/src/panel/widgets/notifications/single-notification.cpp
@@ -2,6 +2,7 @@
 #include "daemon.hpp"
 
 #include <glibmm/main.h>
+#include <glibmm/markup.h>
 #include <gtk-utils.hpp>
 #include <gtkmm/icontheme.h>
 
@@ -111,11 +112,11 @@ WfSingleNotification::WfSingleNotification(const Notification & notification)
     text.set_line_wrap_mode(Pango::WRAP_CHAR);
     if (notification.body.empty())
     {
-        text.set_markup(sanitize_pango_markup(notification.summary));
+        text.set_markup(Glib::Markup::escape_text(notification.summary));
     } else
     {
         // NOTE: that is not a really right way to implement FDN markup feature, but the easiest one.
-        text.set_markup("<b>" + sanitize_pango_markup(notification.summary) + "</b>" + "\n" + sanitize_pango_markup(notification.body));
+        text.set_markup("<b>" + Glib::Markup::escape_text(notification.summary) + "</b>" + "\n" + Glib::Markup::escape_text(notification.body));
     }
 
     content.pack_start(text);
diff --git a/src/panel/widgets/tray/item.cpp b/src/panel/widgets/tray/item.cpp
index 2790c94b..9f4e2d5e 100644
--- a/src/panel/widgets/tray/item.cpp
+++ b/src/panel/widgets/tray/item.cpp
@@ -2,6 +2,8 @@
 
 #include <gtk-utils.hpp>
 
+#include <glibmm/markup.h>
+
 #include <gtkmm/icontheme.h>
 #include <gtkmm/tooltip.h>
 
@@ -185,10 +187,10 @@ void StatusNotifierItem::setup_tooltip()
             get_item_property<std::tuple<Glib::ustring, IconData, Glib::ustring, Glib::ustring>>("ToolTip");
 
         auto tooltip_label_text = !tooltip_text.empty() && !tooltip_title.empty() ?
-            "<b>" + sanitize_pango_markup(tooltip_title) + "</b>: " + sanitize_pango_markup(tooltip_text) :
-            !tooltip_title.empty() ? sanitize_pango_markup(tooltip_title) :
-            !tooltip_text.empty() ? sanitize_pango_markup(tooltip_text) :
-            sanitize_pango_markup(get_item_property<Glib::ustring>("Title"));
+            "<b>" + Glib::Markup::escape_text(tooltip_title) + "</b>: " + Glib::Markup::escape_text(tooltip_text) :
+            !tooltip_title.empty() ? Glib::Markup::escape_text(tooltip_title) :
+            !tooltip_text.empty() ? Glib::Markup::escape_text(tooltip_text) :
+            Glib::Markup::escape_text(get_item_property<Glib::ustring>("Title"));
 
         const auto pixbuf = extract_pixbuf(std::move(tooltip_icon_data));
 
diff --git a/src/util/gtk-utils.cpp b/src/util/gtk-utils.cpp
index 1c483346..ae8b9623 100644
--- a/src/util/gtk-utils.cpp
+++ b/src/util/gtk-utils.cpp
@@ -115,24 +115,3 @@ void set_image_icon(Gtk::Image& image, std::string icon_name, int size,
 
     set_image_pixbuf(image, pbuff, scale);
 }
-
-std::string sanitize_pango_markup(std::string input){
-    replace_all(input, "&", "&amp;");
-    replace_all(input, "<", "&lt;");
-    replace_all(input, ">", "&gt;");
-    replace_all(input, "'", "&#39;");
-    replace_all(input, "\"", "&#34;");
-    return input;
-}
-
-void replace_all(std::string& haystack, const std::string from, const std::string to){
-    if (from.empty()){
-        return;
-    }
-
-    size_t pos = 0;
-    while ((pos = haystack.find(from, pos)) != std::string::npos) {
-        haystack.replace(pos, from.length(), to);
-        pos += to.length();
-    }
-}
\ No newline at end of file
diff --git a/src/util/gtk-utils.hpp b/src/util/gtk-utils.hpp
index 37dc9f63..e78d1b0c 100644
--- a/src/util/gtk-utils.hpp
+++ b/src/util/gtk-utils.hpp
@@ -30,7 +30,4 @@ void set_image_icon(Gtk::Image& image, std::string icon_name, int size,
 
 void invert_pixbuf(Glib::RefPtr<Gdk::Pixbuf>& pbuff);
 
-std::string sanitize_pango_markup(const std::string input);
-void replace_all(std::string& haystack, const std::string from, const std::string to);
-
 #endif /* end of include guard: WF_GTK_UTILS */

From e787069b3548500b8c8899ca26e9bc576299febe Mon Sep 17 00:00:00 2001
From: trigg <triggerhapp@gmail.com>
Date: Tue, 30 Jul 2024 10:21:42 +0100
Subject: [PATCH 3/3] uncrustify

---
 src/panel/widgets/notifications/single-notification.cpp | 3 ++-
 src/panel/widgets/tray/item.cpp                         | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/panel/widgets/notifications/single-notification.cpp b/src/panel/widgets/notifications/single-notification.cpp
index b188e21f..0fe4ef71 100644
--- a/src/panel/widgets/notifications/single-notification.cpp
+++ b/src/panel/widgets/notifications/single-notification.cpp
@@ -116,7 +116,8 @@ WfSingleNotification::WfSingleNotification(const Notification & notification)
     } else
     {
         // NOTE: that is not a really right way to implement FDN markup feature, but the easiest one.
-        text.set_markup("<b>" + Glib::Markup::escape_text(notification.summary) + "</b>" + "\n" + Glib::Markup::escape_text(notification.body));
+        text.set_markup("<b>" + Glib::Markup::escape_text(
+            notification.summary) + "</b>" + "\n" + Glib::Markup::escape_text(notification.body));
     }
 
     content.pack_start(text);
diff --git a/src/panel/widgets/tray/item.cpp b/src/panel/widgets/tray/item.cpp
index 9f4e2d5e..dfc0c84f 100644
--- a/src/panel/widgets/tray/item.cpp
+++ b/src/panel/widgets/tray/item.cpp
@@ -187,7 +187,8 @@ void StatusNotifierItem::setup_tooltip()
             get_item_property<std::tuple<Glib::ustring, IconData, Glib::ustring, Glib::ustring>>("ToolTip");
 
         auto tooltip_label_text = !tooltip_text.empty() && !tooltip_title.empty() ?
-            "<b>" + Glib::Markup::escape_text(tooltip_title) + "</b>: " + Glib::Markup::escape_text(tooltip_text) :
+            "<b>" + Glib::Markup::escape_text(tooltip_title) + "</b>: " +
+            Glib::Markup::escape_text(tooltip_text) :
             !tooltip_title.empty() ? Glib::Markup::escape_text(tooltip_title) :
             !tooltip_text.empty() ? Glib::Markup::escape_text(tooltip_text) :
             Glib::Markup::escape_text(get_item_property<Glib::ustring>("Title"));