Updater: Escape HTML characters in commit descriptions

Dentomologist 2021-05-24 09:44:21 -07:00
parent a12865570d
commit 99ed43280d
4 changed files with 34 additions and 3 deletions


@ -5,6 +5,7 @@
#include "Common/StringUtil.h"
#include <algorithm>
#include <array>
#include <codecvt>
#include <cstdarg>
#include <cstddef>
@ -664,3 +665,21 @@ std::vector<std::string> CommandLineToUtf8Argv(const wchar_t* command_line)
return argv;
}
#endif
std::string GetEscapedHtml(std::string html)
{
static constexpr std::array<std::array<const char*, 2>, 5> replacements{{
// Escape ampersand first to avoid escaping the ampersands in other replacements
{{"&", "&amp;"}},
{{"<", "&lt;"}},
{{">", "&gt;"}},
{{"\"", "&quot;"}},
{{"'", "&apos;"}},
}};
for (const auto& [unescaped, escaped] : replacements)
{
html = ReplaceAll(html, unescaped, escaped);
}
return html;
}
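Review bot: The `&apos;` entry in the `replacements` table is a named entity from XML and HTML5 that HTML 4 does not define, so whether it renders as an apostrophe depends on the widget that displays the changelog, which is not visible on this page. The numeric reference is understood by every HTML parser: `{{"'", "&#39;"}},`. The expected string in the accompanying unit test would need the same change.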


@ -242,3 +242,5 @@ inline bool IsPrintableCharacter(char c)
#ifdef _WIN32
std::vector<std::string> CommandLineToUtf8Argv(const wchar_t* command_line);
#endif
std::string GetEscapedHtml(std::string html);
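Review bot: The new declaration of `GetEscapedHtml` has no comment stating which output contexts it is safe for. Suggest adding above it: `// Escapes & < > " ' for HTML text and quoted attribute values. Not idempotent; does not validate URLs.` That keeps later callers from treating it as sufficient for an `href` value, or from applying it twice to the same string.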


@ -109,10 +109,10 @@ std::string GenerateChangelog(const picojson::array& versions)
{
changelog += ver_obj["shortrev"].get<std::string>();
}
const std::string escaped_description =
GetEscapedHtml(ver_obj["short_descr"].get<std::string>());
changelog += " by <a href = \"" + ver_obj["author_url"].get<std::string>() + "\">" +
ver_obj["author"].get<std::string>() + "</a> &mdash; " +
ver_obj["short_descr"].get<std::string>();
ver_obj["author"].get<std::string>() + "</a> &mdash; " + escaped_description;
}
else
{
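Review bot: `author_url` and `author` are still concatenated into the `<a href = "...">` markup unescaped, although they are read from the same `ver_obj` JSON as `short_descr`; a quote or angle bracket in either would break out of the attribute or element just as one in the description could. Both should go through the new helper: `GetEscapedHtml(ver_obj["author_url"].get<std::string>())` and `GetEscapedHtml(ver_obj["author"].get<std::string>())`. The `shortrev` value appended at the top of the hunk is in the same position. Escaping does not constrain the URL scheme, so if the display widget follows links it would be worth accepting only `http://` and `https://` values for the `href`. GenerateChangelog begins and ends outside this hunk.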


@ -105,3 +105,13 @@ TEST(StringUtil, ToString_TryParse_Roundtrip)
DoRoundTripTest<float>({0.0f, 1.0f, -1.0f, -0.5f, 0.5f, -1e-3f, 1e-3f, 1e3f, -1e3f});
DoRoundTripTest<double>({0.0, 1.0, -1.0, -0.5, 0.5, -1e-3, 1e-3, 1e3, -1e3});
}
TEST(StringUtil, GetEscapedHtml)
{
static constexpr auto no_escape_needed =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
"!@#$%^*()-_=+,./?;:[]{}| \\\t\n";
EXPECT_EQ(GetEscapedHtml(no_escape_needed), no_escape_needed);
EXPECT_EQ(GetEscapedHtml("&<>'\""), "&amp;&lt;&gt;&apos;&quot;");
EXPECT_EQ(GetEscapedHtml("&&&"), "&amp;&amp;&amp;");
}
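Review bot: The `GetEscapedHtml` test has no case for input that already contains an entity, so nothing pins down that the function is not idempotent and must be applied exactly once. Adding `EXPECT_EQ(GetEscapedHtml("&amp;"), "&amp;amp;");` would document that. `EXPECT_EQ(GetEscapedHtml(""), "");` would cover the empty-string boundary as well.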