Merge branch 'master' into TypedWords

nvaccess · Jan 15, 2025 · 7be75c6 · 7be75c6
2 parents 4c8eba2 + 19296bf
commit 7be75c6
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 5 deletions.
diff --git a/source/synthDrivers/sapi5.py b/source/synthDrivers/sapi5.py
@@ -120,7 +120,7 @@ def IStream_RemoteSeek(
 		if dwOrigin == 1 and dlibMove.QuadPart == 0:
 			# SAPI is querying the current position.
 			if plibNewPosition:
-				plibNewPosition.QuadPart = self._writtenBytes
+				plibNewPosition[0].QuadPart = self._writtenBytes
 			return hresult.S_OK
 		return hresult.E_NOTIMPL
 
@@ -194,13 +194,13 @@ def Bookmark(self, streamNum: int, pos: int, bookmark: str, bookmarkId: int):
 
 	def EndStream(self, streamNum: int, pos: int):
 		synth = self.synthRef()
+		synth.player.idle()
 		# trigger all untriggered bookmarks
 		if streamNum in synth._streamBookmarks:
 			for bookmark in synth._streamBookmarks[streamNum]:
 				synthIndexReached.notify(synth=synth, index=bookmark)
 			del synth._streamBookmarks[streamNum]
 		synth.isSpeaking = False
-		synth.player.idle()
 		synthDoneSpeaking.notify(synth=synth)
 
 	def onIndexReached(self, streamNum: int, index: int):

diff --git a/source/ui.py b/source/ui.py
@@ -21,13 +21,16 @@
 from comtypes import automation
 from comtypes import COMError
 from html import escape
+
+import nh3
 from logHandler import log
 import gui
 import speech
 import braille
 from config.configFlags import TetherTo
 import globalVars
 from typing import Optional
+from collections.abc import Callable
 
 from utils.security import isRunningOnSecureDesktop
 
@@ -135,6 +138,7 @@ def browseableMessage(
 	isHtml: bool = False,
 	closeButton: bool = False,
 	copyButton: bool = False,
+	sanitizeHtmlFunc: Callable[[str], str] = nh3.clean,
 ) -> None:
 	"""Present a message to the user that can be read in browse mode.
 	The message will be presented in an HTML document.
@@ -144,6 +148,10 @@ def browseableMessage(
 	:param isHtml: Whether the message is html, defaults to False.
 	:param closeButton: Whether to include a "close" button, defaults to False.
 	:param copyButton: Whether to include a "copy" (to clipboard) button, defaults to False.
+	:param sanitizeHtmlFunc: How to sanitize the html message, if isHtml is True.
+	Defaults to `nh3.clean` with default arguments.
+	Ensure to sanitize the html message if the source of it could be untrusted.
+	Any translatable string, or user generated content should be sanitized.
 	"""
 	if isRunningOnSecureDesktop():
 		_warnBrowsableMessageNotAvailableOnSecureScreens(title)
@@ -179,10 +187,11 @@ def browseableMessage(
 	d.add("title", title)
 
 	if not isHtml:
-		message = f"<pre>{escape(message)}</pre>"
+		messageSanitized = f"<pre>{escape(message)}</pre>"
 	else:
-		log.warning("Passing raw HTML to ui.browseableMessage!")
-	d.add("message", message)
+		log.debug("Sanitizing raw HTML before passing to ui.browseableMessage")
+		messageSanitized = sanitizeHtmlFunc(message)
+	d.add("message", messageSanitized)
 
 	# Translators: A notice to the user that a copy operation succeeded.
 	d.add("copySuccessfulAlertText", _("Text copied."))

diff --git a/user_docs/en/changes.md b/user_docs/en/changes.md
@@ -171,6 +171,10 @@ As the NVDA update check URL is now configurable directly within NVDA, no replac
 * The following symbols have been removed with no replacement: `languageHandler.getLanguageCliArgs`, `__main__.quitGroup` and `__main__.installGroup` . (#17486, @CyrilleB79)
 * Prefix matching on command line flags, e.g. using `--di` for `--disable-addons` is no longer supported. (#11644, @CyrilleB79)
 * The `useAsFallBack` keyword argument of `bdDetect.DriverRegistrar` has been renamed to `useAsFallback`. (#17521, @LeonarddeR)
+* `ui.browseableMessage` now takes a parameter `sanitizeHtmlFunc`.
+This defaults to `nh3.clean` with default arguments.
+This means any HTML passed into `ui.browseableMessage` using `isHtml=True` is now sanitized by default.
+To change sanitization rules, such as whitelisting tags or attributes, create a function that calls `nh3.clean` with the desired parameters. (#16985)
 * `updateCheck.UpdateAskInstallDialog` no longer automatically performs an action when the update or postpone buttons are pressed.
 Instead, a `callback` property has been added, which returns a function that performs the appropriate action when called with the return value from the dialog. (#17582)
 * Dialogs opened with `gui.runScriptModalDialog` are now recognised as modal by NVDA. (#17582)