Merge pull request #539 from TechupBusiness/improve-html-entity-encoding

[TASK] Improve html entity encoding

syncthing_gtk/app.py

@@ -1406,7 +1406,6 @@ def show_folder(self, id, label, path, folder_type, ignore_perms, rescan_interva
 			title = display_path
 		if label not in (None, ""):
 			title = label
-		title = title.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&#39;')
 		if id in self.folders:
 			# Reuse existing box
 			box = self.folders[id]

syncthing_gtk/infobox.py

@@ -7,7 +7,7 @@
 from __future__ import unicode_literals
 from gi.repository import Gtk, Gdk, GLib, GObject, Pango, Rsvg
 from syncthing_gtk.ribar import RevealerClass
-from syncthing_gtk.tools import _ # gettext function
+from syncthing_gtk.tools import _, escape_html_entities # _ is gettext function
 import os, logging, math
 log = logging.getLogger("InfoBox")
 
@@ -313,6 +313,7 @@ def on_leave_notify(self, eb, event, *data):
 
 	### Methods
 	def set_title(self, t):
+		t = escape_html_entities(t)
 		self.str_title = t
 		inverted = self.header_inverted and self.dark_color is None
 		col = "black" if inverted else "white"

syncthing_gtk/tools.py

@@ -558,3 +558,6 @@ def generate_folder_id():
 		("".join(random.choice(string.ascii_lowercase + string.digits) for _ in range(5)))
 		for _ in range(2)
 	))
+
+def escape_html_entities(string):
+	return string.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&#39;')