diff -up arora-0.11.0/src/network/networkaccessmanager.cpp.fake-certificate-issuer arora-0.11.0/src/network/networkaccessmanager.cpp

--- arora-0.11.0/src/network/networkaccessmanager.cpp.fake-certificate-issuer	2010-09-27 04:42:17.000000000 +0200

+++ arora-0.11.0/src/network/networkaccessmanager.cpp	2011-10-20 16:22:39.119469071 +0200

@@ -249,12 +249,35 @@ void NetworkAccessManager::proxyAuthenti

     }

 }

+// TODO (QT5): use QString::htmlEscape or whatever https://qt.gitorious.org/qt/qtbase/merge_requests/56

+// ends up with.

+// original author: David Faure

+static QString htmlEscape(const QString &plain)

+{

+    QString rich;

+    rich.reserve(int(plain.length() * 1.1));

+        for (int i = 0; i < plain.length(); ++i) {

+        if (plain.at(i) == QLatin1Char('<'))

+            rich += QLatin1String("<");

+        else if (plain.at(i) == QLatin1Char('>'))

+            rich += QLatin1String(">");

+        else if (plain.at(i) == QLatin1Char('&'))

+            rich += QLatin1String("&");

+        else if (plain.at(i) == QLatin1Char('"'))

+            rich += QLatin1String(""");

+        else

+            rich += plain.at(i);

+    }

+    rich.squeeze();

+    return rich;

+}

+

 #ifndef QT_NO_OPENSSL

 QString NetworkAccessManager::certToFormattedString(QSslCertificate cert)

 {

     QStringList message;

     message << cert.subjectInfo(QSslCertificate::CommonName);

-    message << tr("Issuer: %1").arg(cert.issuerInfo(QSslCertificate::CommonName));

+    message << tr("Issuer: %1").arg(htmlEscape(cert.issuerInfo(QSslCertificate::CommonName)));

     message << tr("Not valid before: %1").arg(cert.effectiveDate().toString());

     message << tr("Valid until: %1").arg(cert.expiryDate().toString());