Commit

HTML-escape all job-provided data
DanielHeath authored and toote committed Jul 25, 2024
1 parent b70941e commit 5d50ecb
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions ruby/bin/annotate
Expand Up @@ -85,9 +85,9 @@ puts "Total tests: #{testcases}"
failures.each do |failure|
puts ""
puts "<details>"
puts "<summary><code>#{failure.name} in #{failure.unit_name}</code></summary>\n\n"
puts "<summary><code>#{CGI.escapeHTML failure.name} in #{CGI.escapeHTML failure.unit_name}</code></summary>\n\n"
if failure.message
puts "<p>#{failure.message.chomp.strip}</p>\n\n"
puts "<p>#{CGI.escapeHTML failure.message.chomp.strip}</p>\n\n"
end
if failure.body
puts "<pre><code>#{CGI.escapeHTML(failure.body.chomp.strip)}</code></pre>\n\n"
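Review bot: The new summary line calls CGI.escapeHTML on failure.name and failure.unit_name with no nil guard, whereas failure.message and failure.body are each wrapped in an `if`. The old interpolation rendered nil as an empty string, but CGI.escapeHTML raises when handed nil, so a testcase missing either attribute would now abort the annotation instead of printing a blank. Suggest `CGI.escapeHTML(failure.name.to_s)` and the same for unit_name. Style point: the two added calls omit parentheses while the existing body line uses `CGI.escapeHTML(...)`; matching that form makes it clearer that the escape wraps the whole `failure.message.chomp.strip` chain. The escaping itself is the right fix, since these values come from job output and are emitted into HTML.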

0 comments on commit 5d50ecb
