SONAR-6576 fix parsing of "<" and ">" characters

2 files changed, 7 insertions, 1 deletions

diff --git a/server/sonar-web/src/main/js/components/source-viewer/helpers/code-with-issue-locations-helper.js b/server/sonar-web/src/main/js/components/source-viewer/helpers/code-with-issue-locations-helper.js
index fd5d56a3bde..eed0d5f26d4 100644
--- a/server/sonar-web/src/main/js/components/source-viewer/helpers/code-with-issue-locations-helper.js
+++ b/server/sonar-web/src/main/js/components/source-viewer/helpers/code-with-issue-locations-helper.js
@@ -92,7 +92,7 @@ define(function () {
    */
   function generateHTML (tokens) {
     return tokens.map(function (token) {
-      return '<span class="' + token.className + '">' + token.text + '</span>';
+      return '<span class="' + token.className + '">' + _.escape(token.text) + '</span>';
     }).join('');
   }
 
diff --git a/server/sonar-web/test/unit/code-with-issue-locations-helper.spec.js b/server/sonar-web/test/unit/code-with-issue-locations-helper.spec.js
index a1fa2cb0a1e..7c3938c2d86 100644
--- a/server/sonar-web/test/unit/code-with-issue-locations-helper.spec.js
+++ b/server/sonar-web/test/unit/code-with-issue-locations-helper.spec.js
@@ -51,6 +51,12 @@ define(function (require) {
           '<span class="cppd"> * Copyright (C</span><span class="cppd x">) 200</span><span class="cppd">8-20</span><span class="cppd x">14 So</span><span class="cppd">narSource</span>');
       //   <span class="cppd"> * Copyright (C</span><span class="cppd x">) 200</span><span class="cppd">8-20</span><span class="cppd x">4 So</span><span class="cppd">narSource</span>
     });
+
+    bdd.it('should parse line with < and >', function () {
+      var code = '<span class="j">#include &lt;stdio.h&gt;</span>',
+          result = helper(code, []);
+      assert.equal(result, '<span class="j">#include &lt;stdio.h&gt;</span>');
+    });
   });
 });