Merge pull request #9749 from Dentomologist/escape_update_commit_descriptions

Updater: Escape HTML characters in commit descriptions
Léo Lam 2021-06-02 03:38:01 +02:00 committed by GitHub
commit 3ef9d5f659
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 34 additions and 3 deletions


@ -5,6 +5,7 @@
#include "Common/StringUtil.h" #include "Common/StringUtil.h"
#include <algorithm> #include <algorithm>
#include <array>
#include <codecvt> #include <codecvt>
#include <cstdarg> #include <cstdarg>
#include <cstddef> #include <cstddef>
@ -664,3 +665,21 @@ std::vector<std::string> CommandLineToUtf8Argv(const wchar_t* command_line)
return argv; return argv;
} }
#endif #endif
std::string GetEscapedHtml(std::string html)
{
static constexpr std::array<std::array<const char*, 2>, 5> replacements{{
// Escape ampersand first to avoid escaping the ampersands in other replacements
{{"&", "&amp;"}},
{{"<", "&lt;"}},
{{">", "&gt;"}},
{{"\"", "&quot;"}},
{{"'", "&apos;"}},
}};
for (const auto& [unescaped, escaped] : replacements)
{
html = ReplaceAll(html, unescaped, escaped);
}
return html;
}
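Review bot: The single-quote entry in `replacements` emits `&apos;`, which is an XML/HTML5 named entity that HTML 4 does not define, so a renderer limited to the HTML 4 entity set may display it literally instead of as a quote. Which widget renders this string is not visible on this page, so this is worth confirming against the consumer. The numeric form is understood by every HTML parser: `{{"'", "&#39;"}},`. The matching expectation in the GetEscapedHtml unit test would need the same change.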


@ -242,3 +242,5 @@ inline bool IsPrintableCharacter(char c)
#ifdef _WIN32 #ifdef _WIN32
std::vector<std::string> CommandLineToUtf8Argv(const wchar_t* command_line); std::vector<std::string> CommandLineToUtf8Argv(const wchar_t* command_line);
#endif #endif
std::string GetEscapedHtml(std::string html);
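Review bot: The new declaration `GetEscapedHtml` has no comment saying which output context the escaping is valid for, and callers will read the header, not the implementation. I would add above it: `// Escapes & < > " ' for use in HTML text and quoted attribute values. Does not validate URLs and is not sufficient inside <script> or <style>.`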


@ -109,10 +109,10 @@ std::string GenerateChangelog(const picojson::array& versions)
{ {
changelog += ver_obj["shortrev"].get<std::string>(); changelog += ver_obj["shortrev"].get<std::string>();
} }
const std::string escaped_description =
GetEscapedHtml(ver_obj["short_descr"].get<std::string>());
changelog += " by <a href = \"" + ver_obj["author_url"].get<std::string>() + "\">" + changelog += " by <a href = \"" + ver_obj["author_url"].get<std::string>() + "\">" +
ver_obj["author"].get<std::string>() + "</a> &mdash; " + ver_obj["author"].get<std::string>() + "</a> &mdash; " + escaped_description;
ver_obj["short_descr"].get<std::string>();
} }
else else
{ {
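Review bot: Only `short_descr` is escaped here; `author_url` is still concatenated raw into the `href` attribute and `author` raw into the link text, and `shortrev` is appended unescaped just above. All four values are read from the same `ver_obj`, so if the description is treated as untrusted markup the others should be too: `GetEscapedHtml(ver_obj["author_url"].get<std::string>())` and `GetEscapedHtml(ver_obj["author"].get<std::string>())`. Escaping keeps the URL from closing the attribute but does not restrict its scheme, so an allow-list check for `https://` before building the link would be a reasonable addition. GenerateChangelog starts and ends outside this hunk, so other concatenations in it may need the same treatment.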


@ -105,3 +105,13 @@ TEST(StringUtil, ToString_TryParse_Roundtrip)
DoRoundTripTest<float>({0.0f, 1.0f, -1.0f, -0.5f, 0.5f, -1e-3f, 1e-3f, 1e3f, -1e3f}); DoRoundTripTest<float>({0.0f, 1.0f, -1.0f, -0.5f, 0.5f, -1e-3f, 1e-3f, 1e3f, -1e3f});
DoRoundTripTest<double>({0.0, 1.0, -1.0, -0.5, 0.5, -1e-3, 1e-3, 1e3, -1e3}); DoRoundTripTest<double>({0.0, 1.0, -1.0, -0.5, 0.5, -1e-3, 1e-3, 1e3, -1e3});
} }
TEST(StringUtil, GetEscapedHtml)
{
static constexpr auto no_escape_needed =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
"!@#$%^*()-_=+,./?;:[]{}| \\\t\n";
EXPECT_EQ(GetEscapedHtml(no_escape_needed), no_escape_needed);
EXPECT_EQ(GetEscapedHtml("&<>'\""), "&amp;&lt;&gt;&apos;&quot;");
EXPECT_EQ(GetEscapedHtml("&&&"), "&amp;&amp;&amp;");
}
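Review bot: The test covers each special character on its own but not input that already contains an entity, nor the empty string. Pinning that the function always re-escapes guards against a later change that skips existing entities and lets pre-encoded markup through: `EXPECT_EQ(GetEscapedHtml("&lt;b&gt;"), "&amp;lt;b&amp;gt;");` and `EXPECT_EQ(GetEscapedHtml(""), "");`.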