From f9a334233fa03e4705fb34a02fce9da8cd0dceb6 Mon Sep 17 00:00:00 2001
From: Nicolas Werner <nicolas.werner@hotmail.de>
Date: Thu, 9 Sep 2021 21:20:34 +0200
Subject: [PATCH] Don't allow images in username change messages and user
 completer

Sorry, no fun for you!
---
 src/UsersModel.cpp             | 7 ++++---
 src/timeline/TimelineModel.cpp | 3 ++-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/UsersModel.cpp b/src/UsersModel.cpp
index c43796682..13b05f0e0 100644
--- a/src/UsersModel.cpp
+++ b/src/UsersModel.cpp
@@ -42,21 +42,22 @@ UsersModel::data(const QModelIndex &index, int role) const
                 case CompletionModel::CompletionRole:
                         if (UserSettings::instance()->markdown())
                                 return QString("[%1](https://matrix.to/#/%2)")
-                                  .arg(displayNames[index.row()])
+                                  .arg(displayNames[index.row()].toHtmlEscaped())
                                   .arg(QString(QUrl::toPercentEncoding(userids[index.row()])));
                         else
                                 return displayNames[index.row()];
                 case CompletionModel::SearchRole:
+                        return displayNames[index.row()];
                 case Qt::DisplayRole:
                 case Roles::DisplayName:
-                        return displayNames[index.row()];
+                        return displayNames[index.row()].toHtmlEscaped();
                 case CompletionModel::SearchRole2:
                         return userids[index.row()];
                 case Roles::AvatarUrl:
                         return cache::avatarUrl(QString::fromStdString(room_id),
                                                 QString::fromStdString(roomMembers_[index.row()]));
                 case Roles::UserID:
-                        return userids[index.row()];
+                        return userids[index.row()].toHtmlEscaped();
                 }
         }
         return {};
diff --git a/src/timeline/TimelineModel.cpp b/src/timeline/TimelineModel.cpp
index e5e9d9bf7..78409e1dc 100644
--- a/src/timeline/TimelineModel.cpp
+++ b/src/timeline/TimelineModel.cpp
@@ -1858,7 +1858,8 @@ TimelineModel::formatMemberEvent(QString id)
                 break;
         case Membership::Join:
                 if (prevEvent && prevEvent->content.membership == Membership::Join) {
-                        QString oldName = QString::fromStdString(prevEvent->content.display_name);
+                        QString oldName = utils::replaceEmoji(
+                          QString::fromStdString(prevEvent->content.display_name).toHtmlEscaped());
 
                         bool displayNameChanged =
                           prevEvent->content.display_name != event->content.display_name;
-- 
GitLab