Tray tooltip variables are used without checking for escape sequences

[trigg]

https://github.com/WayfireWM/wf-shell/blob/3e7576f1a74abf746d3b6c3da914a428bbbd2ca7/src/panel/widgets/tray/item.cpp#L188

both tooltip_title and tooltip_text should be checked for escapable characters before passing to set_markup

The equivalent python code I've written previously to clean this up is

def sanitize_string(self, string):
        """Sanitize a text message so that it doesn't interfere with Pango's XML format"""
        string = string.replace("&", "&")
        string = string.replace("<", "&lt;")
        string = string .replace(">", "&gt;")
        string = string.replace("'", "&#39;")
        string = string.replace("\"", "&#34;")
        return string

And the error can be triggered with this short python code

import gi
gi.require_version("Gtk", "3.0")
gi.require_version('AppIndicator3', '0.1')
# pylint: disable=wrong-import-position,wrong-import-order
from gi.repository import Gtk, Gdk, GLib  # nopep8
from gi.repository import AppIndicator3

window = Gtk.Window()
window.set_title("& WHY")
window.show()
menu = Gtk.Menu()
ind = AppIndicator3.Indicator.new(
    "test",
    "test",
    AppIndicator3.IndicatorCategory.APPLICATION_STATUS)
ind.set_title("& discover")
ind.set_status(AppIndicator3.IndicatorStatus.ACTIVE)
ind.set_menu(menu)
window.connect('destroy', Gtk.main_quit)
Gtk.main()

[NamorNiradnug]

Hi! This is actually not a bug but a feature because StatusNotifierItem allows markup tags in tooltip text: https://www.freedesktop.org/wiki/Specifications/StatusNotifierItem/Markup/