Escape HTML characters when rendering MRVA results as markdown (#1462)
@@ -138,7 +138,7 @@ function generateMarkdownForCodeSnippet(
|
|||||||
const codeLines = codeSnippet.text
|
const codeLines = codeSnippet.text
|
||||||
.split('\n')
|
.split('\n')
|
||||||
.map((line, index) =>
|
.map((line, index) =>
|
||||||
highlightCodeLines(line, index + snippetStartLine, highlightedRegion)
|
highlightAndEscapeCodeLines(line, index + snippetStartLine, highlightedRegion)
|
||||||
);
|
);
|
||||||
|
|
||||||
// Make sure there are no extra newlines before or after the <code> block:
|
// Make sure there are no extra newlines before or after the <code> block:
|
||||||
@@ -153,20 +153,25 @@ function generateMarkdownForCodeSnippet(
|
|||||||
return lines;
|
return lines;
|
||||||
}
|
}
|
||||||
|
|
||||||
function highlightCodeLines(
|
function highlightAndEscapeCodeLines(
|
||||||
line: string,
|
line: string,
|
||||||
lineNumber: number,
|
lineNumber: number,
|
||||||
highlightedRegion?: HighlightedRegion
|
highlightedRegion?: HighlightedRegion
|
||||||
): string {
|
): string {
|
||||||
if (!highlightedRegion || !shouldHighlightLine(lineNumber, highlightedRegion)) {
|
if (!highlightedRegion || !shouldHighlightLine(lineNumber, highlightedRegion)) {
|
||||||
return line;
|
return escapeHtmlCharacters(line);
|
||||||
}
|
}
|
||||||
const partiallyHighlightedLine = parseHighlightedLine(
|
const partiallyHighlightedLine = parseHighlightedLine(
|
||||||
line,
|
line,
|
||||||
lineNumber,
|
lineNumber,
|
||||||
highlightedRegion
|
highlightedRegion
|
||||||
);
|
);
|
||||||
return `${partiallyHighlightedLine.plainSection1}<strong>${partiallyHighlightedLine.highlightedSection}</strong>${partiallyHighlightedLine.plainSection2}`;
|
|
||||||
|
const plainSection1 = escapeHtmlCharacters(partiallyHighlightedLine.plainSection1);
|
||||||
|
const highlightedSection = escapeHtmlCharacters(partiallyHighlightedLine.highlightedSection);
|
||||||
|
const plainSection2 = escapeHtmlCharacters(partiallyHighlightedLine.plainSection2);
|
||||||
|
|
||||||
|
return `${plainSection1}<strong>${highlightedSection}</strong>${plainSection2}`;
|
||||||
}
|
}
|
||||||
|
|
||||||
function generateMarkdownForAlertMessage(
|
function generateMarkdownForAlertMessage(
|
||||||
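Review bot: Nothing in the new body of highlightAndEscapeCodeLines says why escaping happens after parseHighlightedLine rather than once on `line` before the split; the highlightedRegion columns index the raw text, so escaping first would shift the `<strong>` boundaries by the width of every entity that precedes them. A one-line comment above the three escapeHtmlCharacters calls, `// Escape after splitting: region columns index the unescaped text, and entities would shift them.`, would keep a future refactor from hoisting the escape. With the early return now `return escapeHtmlCharacters(line);` and all three sections escaped, `<strong>` is the only markup this function emits, which is the invariant the commit message promises. generateMarkdownForAlertMessage, whose signature closes this hunk and whose body is outside it, is untouched by the commit; if it interpolates message token text into the markdown without escaping, the same raw-HTML exposure remains on that path and is worth confirming.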
@@ -330,3 +335,10 @@ function createFileName(nwo: string) {
|
|||||||
const [owner, repo] = nwo.split('/');
|
const [owner, repo] = nwo.split('/');
|
||||||
return `${owner}-${repo}`;
|
return `${owner}-${repo}`;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Escape characters that could be interpreted as HTML instead of raw code.
|
||||||
|
*/
|
||||||
|
function escapeHtmlCharacters(text: string): string {
|
||||||
|
return text.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>');
|
||||||
|
}
|
||||||
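Review bot: As rendered here, the replacement strings in escapeHtmlCharacters read `'&'`, `'<'` and `'>'`, which would make each `.replace` an identity and the whole fix a no-op; this is almost certainly the page decoding entities on display, but the committed line must be `return text.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');` with the ampersand replacement first so the entities produced by the later two are not re-escaped. The TSDoc should also state the helper's scope, since it escapes neither `"` nor `'`: ` * Sufficient for element text content (the <pre><code> block); not for attribute values, which would also need quotes escaped.` Without that line the name invites reuse in a context where it is not enough.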
|
|||||||
@@ -148,6 +148,34 @@
|
|||||||
"endColumn": 57
|
"endColumn": 57
|
||||||
},
|
},
|
||||||
"codeFlows": []
|
"codeFlows": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"message": {
|
||||||
|
"tokens": [
|
||||||
|
{
|
||||||
|
"t": "text",
|
||||||
|
"text": "This component is implicitly exported."
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"shortDescription": "This component is implicitly exported.",
|
||||||
|
"fileLink": {
|
||||||
|
"fileLinkPrefix": "https://github.com/AlexRogalskiy/android-nrf-toolbox/blob/034cf3aa7d2a3a4145177de32546ca518a462a66",
|
||||||
|
"filePath": "app/src/main/AndroidManifest.xml"
|
||||||
|
},
|
||||||
|
"severity": "Warning",
|
||||||
|
"codeSnippet": {
|
||||||
|
"startLine": 237,
|
||||||
|
"endLine": 251,
|
||||||
|
"text": "\t\t</service>\n\n\t\t<activity\n\t\t\tandroid:name=\"no.nordicsemi.android.nrftoolbox.dfu.DfuInitiatorActivity\"\n\t\t\tandroid:label=\"@string/dfu_service_title\"\n\t\t\tandroid:noHistory=\"true\"\n\t\t\tandroid:theme=\"@style/AppTheme.Translucent\" >\n\t\t\t<intent-filter>\n\t\t\t\t<action android:name=\"no.nordicsemi.android.action.DFU_UPLOAD\" />\n\n\t\t\t\t<category android:name=\"android.intent.category.DEFAULT\" />\n\t\t\t</intent-filter>\n\t\t</activity>\n\n\t\t<service\n"
|
||||||
|
},
|
||||||
|
"highlightedRegion": {
|
||||||
|
"startLine": 239,
|
||||||
|
"startColumn": 3,
|
||||||
|
"endLine": 249,
|
||||||
|
"endColumn": 15
|
||||||
|
},
|
||||||
|
"codeFlows": []
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -41,4 +41,4 @@ select t,
|
|||||||
| Repository | Results |
|
| Repository | Results |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
| github/codeql | [1 result(s)](#file-github-codeql-md) |
|
| github/codeql | [1 result(s)](#file-github-codeql-md) |
|
||||||
| meteor/meteor | [4 result(s)](#file-meteor-meteor-md) |
|
| meteor/meteor | [5 result(s)](#file-meteor-meteor-md) |
|
||||||
@@ -4,9 +4,9 @@
|
|||||||
|
|
||||||
<pre><code class="javascript"> /g,hashElement);
|
<pre><code class="javascript"> /g,hashElement);
|
||||||
*/
|
*/
|
||||||
text = text.replace(/(\n\n[ ]{0,3}<!(--<strong>[^\r]*?</strong>--\s*)+>[ \t]*(?=\n{2,}))/g,hashElement);
|
text = text.replace(/(\n\n[ ]{0,3}<!(--<strong>[^\r]*?</strong>--\s*)+>[ \t]*(?=\n{2,}))/g,hashElement);
|
||||||
|
|
||||||
// PHP and ASP-style processor instructions (<?...?> and <%...%>)
|
// PHP and ASP-style processor instructions (<?...?> and <%...%>)
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
|
||||||
*This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '----'.*
|
*This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '----'.*
|
||||||
@@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
<pre><code class="javascript"> // Build a regex to find HTML tags and comments. See Friedl's
|
<pre><code class="javascript"> // Build a regex to find HTML tags and comments. See Friedl's
|
||||||
// "Mastering Regular Expressions", 2nd Ed., pp. 200-201.
|
// "Mastering Regular Expressions", 2nd Ed., pp. 200-201.
|
||||||
var regex = /(<[a-z\/!$]("[^"]*"|'[^']*'|[^'">])*>|<!(--<strong>.*?</strong>--\s*)+>)/gi;
|
var regex = /(<[a-z\/!$]("[^"]*"|'[^']*'|[^'">])*>|<!(--<strong>.*?</strong>--\s*)+>)/gi;
|
||||||
|
|
||||||
text = text.replace(regex, function(wholeMatch) {
|
text = text.replace(regex, function(wholeMatch) {
|
||||||
</code></pre>
|
</code></pre>
|
||||||
@@ -46,3 +46,26 @@ pp.strictDirective = function(start) {
|
|||||||
*This part of the regular expression may cause exponential backtracking on strings starting with '"' and containing many repetitions of '\!'.*
|
*This part of the regular expression may cause exponential backtracking on strings starting with '"' and containing many repetitions of '\!'.*
|
||||||
|
|
||||||
----------------------------------------
|
----------------------------------------
|
||||||
|
|
||||||
|
[app/src/main/AndroidManifest.xml](https://github.com/AlexRogalskiy/android-nrf-toolbox/blob/034cf3aa7d2a3a4145177de32546ca518a462a66/app/src/main/AndroidManifest.xml#L239-L249)
|
||||||
|
|
||||||
|
<pre><code class="javascript"> </service>
|
||||||
|
|
||||||
|
<strong><activity</strong>
|
||||||
|
<strong> android:name="no.nordicsemi.android.nrftoolbox.dfu.DfuInitiatorActivity"</strong>
|
||||||
|
<strong> android:label="@string/dfu_service_title"</strong>
|
||||||
|
<strong> android:noHistory="true"</strong>
|
||||||
|
<strong> android:theme="@style/AppTheme.Translucent" ></strong>
|
||||||
|
<strong> <intent-filter></strong>
|
||||||
|
<strong> <action android:name="no.nordicsemi.android.action.DFU_UPLOAD" /></strong>
|
||||||
|
<strong></strong>
|
||||||
|
<strong> <category android:name="android.intent.category.DEFAULT" /></strong>
|
||||||
|
<strong> </intent-filter></strong>
|
||||||
|
<strong> </activity></strong>
|
||||||
|
|
||||||
|
<service
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
*This component is implicitly exported.*
|
||||||
|
|
||||||
|
----------------------------------------
|
||||||
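Review bot: The expected output inside the `<pre><code>` block, from `<strong><activity</strong>` through `<strong> </activity></strong>`, shows raw angle brackets, which is exactly the text the commit is meant to stop emitting; this is most likely the page decoding entities on display (the @@ -4 and @@ -17 hunks of this file render old and new identically for the same reason), but the committed file must contain the escaped forms or the expected-output comparison pins the pre-fix behaviour. The `<strong></strong>` emitted for the blank line inside the highlighted region is an empty element that is harmless but now part of the fixture, so any later change to how empty highlighted lines are rendered will need this file updated too.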
|
|||||||