escape html chars from label in widgets

2025-12-24 21:04:40 +01:00 · 2022-07-18 17:27:49 +02:00 · 2022-07-18 17:27:49 +02:00 · ca2f554a1c
commit ca2f554a1c
parent 4f6646d6c7
3 changed files with 10 additions and 4 deletions
--- a/openpype/tools/publisher/publish_report_viewer/model.py
+++ b/openpype/tools/publisher/publish_report_viewer/model.py
@ -1,4 +1,5 @@
 import uuid
+import html
 from Qt import QtCore, QtGui

 import pyblish.api
@ -45,7 +46,8 @@ class InstancesModel(QtGui.QStandardItemModel):
            all_removed = True
            for instance_item in instance_items:
                item = QtGui.QStandardItem(instance_item.label)
-                item.setData(instance_item.label, ITEM_LABEL_ROLE)
+                instance_label = html.escape(instance_item.label)
+                item.setData(instance_label, ITEM_LABEL_ROLE)
                item.setData(instance_item.errored, ITEM_ERRORED_ROLE)
                item.setData(instance_item.id, ITEM_ID_ROLE)
                item.setData(instance_item.removed, INSTANCE_REMOVED_ROLE)
--- a/openpype/tools/publisher/widgets/card_view_widgets.py
+++ b/openpype/tools/publisher/widgets/card_view_widgets.py
@ -22,6 +22,7 @@ Only one item can be selected at a time.

 import re
 import collections
+import html

 from Qt import QtWidgets, QtCore

@ -303,7 +304,7 @@ class InstanceCardWidget(CardWidget):
        self._last_variant = variant
        self._last_subset_name = subset_name
        # Make `variant` bold
-        label = self.instance.label
+        label = html.escape(self.instance.label)
        found_parts = set(re.findall(variant, label, re.IGNORECASE))
        if found_parts:
            for part in found_parts:
--- a/openpype/tools/publisher/widgets/list_view_widgets.py
+++ b/openpype/tools/publisher/widgets/list_view_widgets.py
@ -23,6 +23,7 @@ selection can be enabled disabled using checkbox or keyboard key presses:
 ```
 """
 import collections
+import html

 from Qt import QtWidgets, QtCore, QtGui

@ -113,7 +114,9 @@ class InstanceListItemWidget(QtWidgets.QWidget):

        self.instance = instance

-        subset_name_label = QtWidgets.QLabel(instance.label, self)
+        instance_label = html.escape(instance.label)
+
+        subset_name_label = QtWidgets.QLabel(instance_label, self)
        subset_name_label.setObjectName("ListViewSubsetName")

        active_checkbox = NiceCheckbox(parent=self)
@ -178,7 +181,7 @@ class InstanceListItemWidget(QtWidgets.QWidget):
        # Check subset name
        label = self.instance.label
        if label != self._instance_label_widget.text():
-            self._instance_label_widget.setText(label)
+            self._instance_label_widget.setText(html.escape(label))
        # Check active state
        self.set_active(self.instance["active"])
        # Check valid states