# HG changeset patch
# User Mark Doliner <mark@kingant.net>
# Date 1189487178 0
# Node ID 1b8af105614d5fe065452a865aec2a38378fda07
# Parent  d397000d32fc1edc83136360624955f33bb82c92
Data in vCards is supposed to be plain text, not HTML.  So escape
vCards when displaying them.

diff -r d397000d32fc -r 1b8af105614d libpurple/protocols/jabber/buddy.c
--- a/libpurple/protocols/jabber/buddy.c	Tue Sep 11 04:06:56 2007 +0000
+++ b/libpurple/protocols/jabber/buddy.c	Tue Sep 11 05:06:18 2007 +0000
@@ -1160,6 +1160,17 @@
 	jabber_iq_send(iq);
 }
 
+static void
+jabber_string_escape_and_append(GString *string, const char *name, const char *value, gboolean indent)
+{
+	gchar *escaped;
+
+	escaped = g_markup_escape_text(value, -1);
+	g_string_append_printf(string, "%s<b>%s:</b> %s<br/>",
+			indent ? "&nbsp;&nbsp;" : "", name, escaped);
+	g_free(escaped);
+}
+
 static void jabber_vcard_parse(JabberStream *js, xmlnode *packet, gpointer data)
 {
 	const char *id, *from;
@@ -1204,8 +1215,8 @@
 
 			text = xmlnode_get_data(child);
 			if(text && !strcmp(child->name, "FN")) {
-				g_string_append_printf(info_text, "<b>%s:</b> %s<br/>",
-						_("Full Name"), text);
+				jabber_string_escape_and_append(info_text,
+						_("Full Name"), text, FALSE);
 			} else if(!strcmp(child->name, "N")) {
 				for(child2 = child->child; child2; child2 = child2->next)
 				{
@@ -1216,17 +1227,14 @@
 
 					text2 = xmlnode_get_data(child2);
 					if(text2 && !strcmp(child2->name, "FAMILY")) {
-						g_string_append_printf(info_text,
-								"<b>%s:</b> %s<br/>",
-								_("Family Name"), text2);
+						jabber_string_escape_and_append(info_text,
+								_("Family Name"), text2, FALSE);
 					} else if(text2 && !strcmp(child2->name, "GIVEN")) {
-						g_string_append_printf(info_text,
-								"<b>%s:</b> %s<br/>",
-								_("Given Name"), text2);
+						jabber_string_escape_and_append(info_text,
+								_("Given Name"), text2, FALSE);
 					} else if(text2 && !strcmp(child2->name, "MIDDLE")) {
-						g_string_append_printf(info_text,
-								"<b>%s:</b> %s<br/>",
-								_("Middle Name"), text2);
+						jabber_string_escape_and_append(info_text,
+								_("Middle Name"), text2, FALSE);
 					}
 					g_free(text2);
 				}
@@ -1235,11 +1243,11 @@
 				if(b) {
 					purple_blist_node_set_string((PurpleBlistNode*)b, "servernick", text);
 				}
-				g_string_append_printf(info_text, "<b>%s:</b> %s<br/>",
-						_("Nickname"), text);
+				jabber_string_escape_and_append(info_text,
+						_("Nickname"), text, FALSE);
 			} else if(text && !strcmp(child->name, "BDAY")) {
-				g_string_append_printf(info_text, "<b>%s:</b> %s<br/>",
-						_("Birthday"), text);
+				jabber_string_escape_and_append(info_text,
+						_("Birthday"), text, FALSE);
 			} else if(!strcmp(child->name, "ADR")) {
 				gboolean address_line_added = FALSE;
 
@@ -1264,34 +1272,27 @@
 					}
 
 					if(!strcmp(child2->name, "POBOX")) {
-						g_string_append_printf(info_text,
-								"&nbsp;<b>%s:</b> %s<br/>",
-								_("P.O. Box"), text2);
+						jabber_string_escape_and_append(info_text,
+								_("P.O. Box"), text2, TRUE);
 					} else if(!strcmp(child2->name, "EXTADR")) {
-						g_string_append_printf(info_text,
-								"&nbsp;<b>%s:</b> %s<br/>",
-								_("Extended Address"), text2);
+						jabber_string_escape_and_append(info_text,
+								_("Extended Address"), text2, TRUE);
 					} else if(!strcmp(child2->name, "STREET")) {
-						g_string_append_printf(info_text,
-								"&nbsp;<b>%s:</b> %s<br/>",
-								_("Street Address"), text2);
+						jabber_string_escape_and_append(info_text,
+								_("Street Address"), text2, TRUE);
 					} else if(!strcmp(child2->name, "LOCALITY")) {
-						g_string_append_printf(info_text,
-								"&nbsp;<b>%s:</b> %s<br/>",
-								_("Locality"), text2);
+						jabber_string_escape_and_append(info_text,
+								_("Locality"), text2, TRUE);
 					} else if(!strcmp(child2->name, "REGION")) {
-						g_string_append_printf(info_text,
-								"&nbsp;<b>%s:</b> %s<br/>",
-								_("Region"), text2);
+						jabber_string_escape_and_append(info_text,
+								_("Region"), text2, TRUE);
 					} else if(!strcmp(child2->name, "PCODE")) {
-						g_string_append_printf(info_text,
-								"&nbsp;<b>%s:</b> %s<br/>",
-								_("Postal Code"), text2);
+						jabber_string_escape_and_append(info_text,
+								_("Postal Code"), text2, TRUE);
 					} else if(!strcmp(child2->name, "CTRY")
 								|| !strcmp(child2->name, "COUNTRY")) {
-						g_string_append_printf(info_text,
-								"&nbsp;<b>%s:</b> %s<br/>",
-								_("Country"), text2);
+						jabber_string_escape_and_append(info_text,
+								_("Country"), text2, TRUE);
 					}
 					g_free(text2);
 				}
@@ -1301,34 +1302,38 @@
 					/* show what kind of number it is */
 					number = xmlnode_get_data(child2);
 					if(number) {
-						g_string_append_printf(info_text,
-								"<b>%s:</b> %s<br/>", _("Telephone"), number);
+						jabber_string_escape_and_append(info_text,
+								_("Telephone"), number, FALSE);
 						g_free(number);
 					}
 				} else if((number = xmlnode_get_data(child))) {
 					/* lots of clients (including purple) do this, but it's
 					 * out of spec */
-					g_string_append_printf(info_text,
-							"<b>%s:</b> %s<br/>", _("Telephone"), number);
+					jabber_string_escape_and_append(info_text,
+							_("Telephone"), number, FALSE);
 					g_free(number);
 				}
 			} else if(!strcmp(child->name, "EMAIL")) {
-				char *userid;
+				char *userid, *escaped;
 				if((child2 = xmlnode_get_child(child, "USERID"))) {
 					/* show what kind of email it is */
 					userid = xmlnode_get_data(child2);
 					if(userid) {
+						escaped = g_markup_escape_text(userid, -1);
 						g_string_append_printf(info_text,
-								"<b>%s:</b> <a href='mailto:%s'>%s</a><br/>",
-								_("E-Mail"), userid, userid);
+								"<b>%s:</b> <a href=\"mailto:%s\">%s</a><br/>",
+								_("E-Mail"), escaped, escaped);
+						g_free(escaped);
 						g_free(userid);
 					}
 				} else if((userid = xmlnode_get_data(child))) {
 					/* lots of clients (including purple) do this, but it's
 					 * out of spec */
-						g_string_append_printf(info_text,
-								"<b>%s:</b> <a href='mailto:%s'>%s</a><br/>",
-								_("E-Mail"), userid, userid);
+					escaped = g_markup_escape_text(userid, -1);
+					g_string_append_printf(info_text,
+							"<b>%s:</b> <a href=\"mailto:%s\">%s</a><br/>",
+							_("E-Mail"), escaped, escaped);
+					g_free(escaped);
 					g_free(userid);
 				}
 			} else if(!strcmp(child->name, "ORG")) {
@@ -1341,25 +1346,23 @@
 
 					text2 = xmlnode_get_data(child2);
 					if(text2 && !strcmp(child2->name, "ORGNAME")) {
-						g_string_append_printf(info_text,
-								"<b>%s:</b> %s<br/>",
-								_("Organization Name"), text2);
+						jabber_string_escape_and_append(info_text,
+								_("Organization Name"), text2, FALSE);
 					} else if(text2 && !strcmp(child2->name, "ORGUNIT")) {
-						g_string_append_printf(info_text,
-								"<b>%s:</b> %s<br/>",
-								_("Organization Unit"), text2);
+						jabber_string_escape_and_append(info_text,
+								_("Organization Unit"), text2, FALSE);
 					}
 					g_free(text2);
 				}
 			} else if(text && !strcmp(child->name, "TITLE")) {
-				g_string_append_printf(info_text, "<b>%s:</b> %s<br/>",
-						_("Title"), text);
+				jabber_string_escape_and_append(info_text,
+						_("Title"), text, FALSE);
 			} else if(text && !strcmp(child->name, "ROLE")) {
-				g_string_append_printf(info_text, "<b>%s:</b> %s<br/>",
-						_("Role"), text);
+				jabber_string_escape_and_append(info_text,
+						_("Role"), text, FALSE);
 			} else if(text && !strcmp(child->name, "DESC")) {
-				g_string_append_printf(info_text, "<b>%s:</b> %s<br/>",
-						_("Description"), text);
+				jabber_string_escape_and_append(info_text,
+						_("Description"), text, FALSE);
 			} else if(!strcmp(child->name, "PHOTO") ||
 					!strcmp(child->name, "LOGO")) {
 				char *bintext = NULL;