panel: sanitize variables added to markup

[trigg]

I've intentionally side-stepped touching command-output as it is fully possible that some users are intentionally writing markup out from a command to the panel.

[trigg]

Fixes #266

[NamorNiradnug]

Hi! Thanks for your PR.
Current behavior is actually not a bug but a feature because StatusNotifierItem protocol allows markup tags in tooltip text: https://www.freedesktop.org/wiki/Specifications/StatusNotifierItem/Markup/

[trigg]

Interesting, that is an issue.

This came to light because an app (Spotify i believe) was using a loose ampersand which was causing a warning and incorrect label.

[NamorNiradnug]

What if we apply escape_text on tooltip_title only, but not on tooltip_text?

[trigg]

Looking back at the initial bug, yes that would cover it. Might still be scope for the bug to creep back in as the documentation you linked doesn't mention escaping & at all.

[NamorNiradnug]

Looking back at the initial bug, yes that would cover it. Might still be scope for the bug to creep back in as the documentation you linked doesn't mention escaping & at all.

I think that's a good solution then because it's simple and the specification doesn't mean markup for title. Escaping & and other symbols manually would make the code complicated and I don't think it is worth it.

[ammen99]

@trigg @NamorNiradnug what should be done with this PR? I have no idea about the notification widget at this point, so I trust you can figure it out between yourselves ;)

[NamorNiradnug]

@trigg @NamorNiradnug what should be done with this PR? I have no idea about the notification widget at this point, so I trust you can figure it out between yourselves ;)

Current solution degrades the support of markup. Hence I think we shouldn't merge it yet.