summaryrefslogtreecommitdiffstats
path: root/sonar-markdown
diff options
context:
space:
mode:
authorJean-Baptiste Lievremont <jean-baptiste.lievremont@sonarsource.com>2014-05-12 18:43:58 +0200
committerJean-Baptiste Lievremont <jean-baptiste.lievremont@sonarsource.com>2014-05-12 18:44:06 +0200
commit1f906357067c5256314d6c899e76c86f60f7f559 (patch)
tree2723c0e6625bf1adefd69af127a444d4e6984090 /sonar-markdown
parentf59a579d18a7dc338c9adab23806019b14ac5c27 (diff)
downloadsonarqube-1f906357067c5256314d6c899e76c86f60f7f559.tar.gz
sonarqube-1f906357067c5256314d6c899e76c86f60f7f559.zip
SONAR-4681 SONAR-5295 Escape HTML before markdown interpolation
Diffstat (limited to 'sonar-markdown')
-rw-r--r--sonar-markdown/pom.xml4
-rw-r--r--sonar-markdown/src/main/java/org/sonar/markdown/HtmlBlockquoteChannel.java5
-rw-r--r--sonar-markdown/src/main/java/org/sonar/markdown/Markdown.java3
-rw-r--r--sonar-markdown/src/test/java/org/sonar/markdown/MarkdownTest.java6
4 files changed, 13 insertions, 5 deletions
diff --git a/sonar-markdown/pom.xml b/sonar-markdown/pom.xml
index 49f615bd35b..d28e9542fbd 100644
--- a/sonar-markdown/pom.xml
+++ b/sonar-markdown/pom.xml
@@ -19,6 +19,10 @@
<artifactId>sonar-channel</artifactId>
</dependency>
<dependency>
+ <groupId>commons-lang</groupId>
+ <artifactId>commons-lang</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</dependency>
diff --git a/sonar-markdown/src/main/java/org/sonar/markdown/HtmlBlockquoteChannel.java b/sonar-markdown/src/main/java/org/sonar/markdown/HtmlBlockquoteChannel.java
index c236e15a19f..286e7e58c80 100644
--- a/sonar-markdown/src/main/java/org/sonar/markdown/HtmlBlockquoteChannel.java
+++ b/sonar-markdown/src/main/java/org/sonar/markdown/HtmlBlockquoteChannel.java
@@ -65,7 +65,7 @@ class HtmlBlockquoteChannel extends Channel<MarkdownOutput> {
private class QuotedLineElementChannel extends RegexChannel<MarkdownOutput> {
protected QuotedLineElementChannel() {
- super(">\\s[^\r\n]*+");
+ super("&gt;\\s[^\r\n]*+");
}
@Override
@@ -80,7 +80,8 @@ class HtmlBlockquoteChannel extends Channel<MarkdownOutput> {
private int searchIndexOfFirstCharacter(CharSequence token) {
for (int index = 0; index < token.length(); index++) {
- if (token.charAt(index) == '>') {
+ if (token.charAt(index) == '&') {
+ index += 4;
while (++ index < token.length()) {
if (token.charAt(index) != ' ') {
return index;
diff --git a/sonar-markdown/src/main/java/org/sonar/markdown/Markdown.java b/sonar-markdown/src/main/java/org/sonar/markdown/Markdown.java
index 5323a3966d5..3d932c62bc5 100644
--- a/sonar-markdown/src/main/java/org/sonar/markdown/Markdown.java
+++ b/sonar-markdown/src/main/java/org/sonar/markdown/Markdown.java
@@ -19,6 +19,7 @@
*/
package org.sonar.markdown;
+import org.apache.commons.lang.StringEscapeUtils;
import org.sonar.channel.ChannelDispatcher;
import org.sonar.channel.CodeReader;
@@ -53,6 +54,6 @@ public final class Markdown {
}
public static String convertToHtml(String input) {
- return new Markdown().convert(input);
+ return new Markdown().convert(StringEscapeUtils.escapeHtml(input));
}
}
diff --git a/sonar-markdown/src/test/java/org/sonar/markdown/MarkdownTest.java b/sonar-markdown/src/test/java/org/sonar/markdown/MarkdownTest.java
index 909fda8c539..462bee37175 100644
--- a/sonar-markdown/src/test/java/org/sonar/markdown/MarkdownTest.java
+++ b/sonar-markdown/src/test/java/org/sonar/markdown/MarkdownTest.java
@@ -67,8 +67,10 @@ public class MarkdownTest {
@Test
public void shouldDecorateBlockquote() {
- assertThat(Markdown.convertToHtml("> Yesterday it worked\n> Today it is not working\r\n> Software is like that\r"))
- .isEqualTo("<blockquote>Yesterday it worked<br/>\nToday it is not working<br/>\r\nSoftware is like that<br/>\r</blockquote>");
+ assertThat(Markdown.convertToHtml("> Yesterday <br/> it worked\n> Today it is not working\r\n> Software is like that\r"))
+ .isEqualTo("<blockquote>Yesterday &lt;br/&gt; it worked<br/>\nToday it is not working<br/>\r\nSoftware is like that<br/>\r</blockquote>");
+ assertThat(Markdown.convertToHtml("HTML elements should <em>not</em> be quoted!"))
+ .isEqualTo("HTML elements should &lt;em&gt;not&lt;/em&gt; be quoted!");
}
@Test