alert_dialog.rb in alexandria-book-collection-manager-0.7.8

- old
+ new

@@ -2,10 +2,12 @@
 
 # This file is part of Alexandria.
 #
 # See the file README.md for authorship and licensing information.
 
+require "cgi"
+
 module Alexandria
   module UI
     class AlertDialog
       def initialize(parent, title, stock_icon, buttons, message = nil)
         @dialog = Gtk::Dialog.new(title: "", parent: parent, flags: :destroy_with_parent,
@@ -24,10 +26,10 @@
         hbox.pack_start(image)
 
         vbox = Gtk::Box.new(:vertical, 6)
         vbox.homogeneous = false
         vbox.pack_start make_label("<b><big>#{title}</big></b>")
-        vbox.pack_start make_label(message.strip) unless message
+        vbox.pack_start make_label CGI.escapeHTML(message.strip) if message
         hbox.pack_start(vbox)
 
         @dialog.child.pack_start(hbox)
       end
 