From f2a614929412f9713318e2b1336bd0a77c0e9c57 Mon Sep 17 00:00:00 2001
From: Jon Gjengset <jon@thesquareplanet.com>
Date: Wed, 13 Feb 2019 12:41:10 -0500
Subject: [PATCH] Escape HTML entities in notif body

---
 Cargo.lock  | 9 ++++++++-
 Cargo.toml  | 3 ++-
 src/main.rs | 3 ++-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 4a8a2fe..9cdd249 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -30,6 +30,11 @@ dependencies = [
  "nodrop 0.1.13 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "askama_escape"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
 [[package]]
 name = "aster"
 version = "0.38.0"
@@ -146,8 +151,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 
 [[package]]
 name = "buzz"
-version = "1.1.2"
+version = "1.1.3"
 dependencies = [
+ "askama_escape 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "imap 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "mailparse 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)",
  "native-tls 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1474,6 +1480,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum aho-corasick 0.6.9 (registry+https://github.com/rust-lang/crates.io-index)" = "1e9a933f4e58658d7b12defcf96dc5c720f20832deebe3e0a19efd3b6aaeeb9e"
 "checksum ansi_term 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b"
 "checksum arrayvec 0.4.10 (registry+https://github.com/rust-lang/crates.io-index)" = "92c7fb76bc8826a8b33b4ee5bb07a247a81e76764ab4d55e8f73e3a4d8808c71"
+"checksum askama_escape 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "719b48039ffac1564f67d70162109ba9341125cee0096a540e478355b3c724a7"
 "checksum aster 0.38.0 (registry+https://github.com/rust-lang/crates.io-index)" = "2c9b49e42a449c0b79d8acb91db37621de0978064dca7d3288ddcf030123e5b3"
 "checksum atk-sys 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "f8dc233521f7bffd3042c31082ea71bd08820abf44bac938fb36591e20f76f39"
 "checksum atty 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "9a7d5b8723950951411ee34d271d99dddcc2035a16ab25310ea2c8cfd4369652"
diff --git a/Cargo.toml b/Cargo.toml
index 3af0f74..6571442 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "buzz"
-version = "1.1.2"
+version = "1.1.3"
 
 description = "A simple system tray application for notifying about unseen e-mail"
 readme = "README.md"
@@ -30,3 +30,4 @@ toml = "0.4.2"
 xdg = "2.1.0"
 notify-rust = "3.4.0"
 rayon = "1.0.0"
+askama_escape = "0.1"
diff --git a/src/main.rs b/src/main.rs
index ad5ce10..af40e86 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,3 +1,4 @@
+extern crate askama_escape;
 extern crate imap;
 extern crate mailparse;
 extern crate native_tls;
@@ -147,7 +148,7 @@ impl<T: Read + Write + imap::extensions::idle::SetReadTimeout> Connection<T> {
                 println!("{}", notification);
                 Notification::new()
                     .summary(&title)
-                    .body(&notification)
+                    .body(&format!("{}", askama_escape::escape(&notification)))
                     .icon("notification-message-email")
                     .hint(NotificationHint::Category("email".to_owned()))
                     .timeout(-1)