diff --git a/src/main/java/com/github/mc1arke/sonarqube/plugin/ce/pullrequest/markup/MarkdownFormatterFactory.java b/src/main/java/com/github/mc1arke/sonarqube/plugin/ce/pullrequest/markup/MarkdownFormatterFactory.java
index e6f0b7942..517f09c09 100644
--- a/src/main/java/com/github/mc1arke/sonarqube/plugin/ce/pullrequest/markup/MarkdownFormatterFactory.java
+++ b/src/main/java/com/github/mc1arke/sonarqube/plugin/ce/pullrequest/markup/MarkdownFormatterFactory.java
@@ -19,6 +19,7 @@ package com.github.mc1arke.sonarqube.plugin.ce.pullrequest.markup;
 import java.util.stream.IntStream;
+import static com.google.common.html.HtmlEscapers.htmlEscaper;
 public final class MarkdownFormatterFactory implements FormatterFactory {
@@ -110,7 +111,7 @@ public Formatter textFormatter() {
 return new BaseFormatter() {
 @Override
 public String format(Text node, FormatterFactory formatterFactory) {
- return node.getContent();
+ return htmlEscaper().escape(node.getContent()).trim();
 }
 };
 }
diff --git a/src/test/java/com/github/mc1arke/sonarqube/plugin/ce/pullrequest/markup/MarkdownFormatterFactoryTest.java b/src/test/java/com/github/mc1arke/sonarqube/plugin/ce/pullrequest/markup/MarkdownFormatterFactoryTest.java
index 0d2890b44..7b535f9bf 100644
--- a/src/test/java/com/github/mc1arke/sonarqube/plugin/ce/pullrequest/markup/MarkdownFormatterFactoryTest.java
+++ b/src/test/java/com/github/mc1arke/sonarqube/plugin/ce/pullrequest/markup/MarkdownFormatterFactoryTest.java
@@ -84,4 +84,18 @@ public void testTextFormatter() {
 MarkdownFormatterFactory testCase = new MarkdownFormatterFactory();
 assertEquals("Text", testCase.textFormatter().format(new Text("Text"), testCase));
 }
-}
\ No newline at end of file
+
+ @Test
+ public void testContentTextFormatterEscapedHtml(){
+ MarkdownFormatterFactory testCase = new MarkdownFormatterFactory();
+ assertEquals("<p> no html allowed", testCase.textFormatter().format(new Text("
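Review bot: The new return line in `format(Text node, ...)` neutralises HTML only: Guava's `htmlEscaper()` rewrites `&`, `<`, `>` and the two quote characters, so Markdown syntax carried in the node content (link and image forms, backticks, emphasis markers) still reaches the rendered pull-request comment unchanged. If that content can come from analysed code or issue messages, which this hunk does not show, a Markdown-level escape is needed next to the HTML one, and a comment such as `// HTML-escaped only; Markdown metacharacters are not neutralised here` should state the limit until then. The appended `.trim()` changes every text node, not just blank ones, so a node ending in a space that is followed by another inline element may now be joined to it without a separator, depending on how the parent formatter concatenates children. `escape(...)` also throws on a null content where the old code returned it as is. The signature of `textFormatter()` is visible only in the hunk header, and the rest of the factory's formatters are outside the hunk.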

no html allowed"), testCase));
+ assertEquals("no html <p> allowed", testCase.textFormatter().format(new Text("no html

allowed"), testCase));
+ assertEquals("</i>no html <p> allowed<i>", testCase.textFormatter().format(new Text("no html

allowed"), testCase));
+ }
+
+ @Test
+ public void testContentTextFormatterTrimWhitespaceAtBeginAndEnd(){
+ MarkdownFormatterFactory testCase = new MarkdownFormatterFactory();
+ assertEquals("", testCase.textFormatter().format(new Text(" "), testCase));
+ }
+}
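Review bot: The two added tests pin only angle-bracket input and a whitespace-only node, so the riskier parts of the new formatter contract stay unspecified. Nothing asserts what happens to `&` or to an already-encoded entity, which `htmlEscaper()` would encode a second time, and nothing asserts what `.trim()` does to a node with real text and a trailing space. One assertion for each would document the intent, for example `assertEquals("a &amp; b", testCase.textFormatter().format(new Text("a & b"), testCase));` and `assertEquals("word", testCase.textFormatter().format(new Text("word "), testCase));`. A case containing Markdown link syntax would make it explicit whether passing it through unescaped is intended.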