Merge pull request #124 from rtfpessoa/fix-escaping-in-headers

Fix escaping in header lines

package.json

@@ -57,22 +57,22 @@
   "dependencies": {
     "diff": "^3.2.0",
     "hogan.js": "^3.0.2",
-    "whatwg-fetch": "^2.0.1"
+    "whatwg-fetch": "^2.0.3"
   },
   "devDependencies": {
-    "autoprefixer": "^6.6.1",
-    "browserify": "^13.3.0",
-    "clean-css": "^3.4.23",
-    "codacy-coverage": "^2.0.0",
-    "eslint": "^3.13.1",
-    "eslint-plugin-promise": "^3.4.0",
-    "eslint-plugin-standard": "^2.0.1",
+    "autoprefixer": "^6.7.7",
+    "browserify": "^14.1.0",
+    "clean-css": "^4.0.9",
+    "codacy-coverage": "^2.0.1",
+    "eslint": "^3.18.0",
+    "eslint-plugin-promise": "^3.5.0",
+    "eslint-plugin-standard": "^2.1.1",
     "fast-html-parser": "^1.0.1",
     "istanbul": "^0.4.5",
     "mkdirp": "^0.5.1",
     "mocha": "^3.2.0",
     "nopt": "^4.0.1",
-    "postcss-cli": "^2.6.0",
+    "postcss-cli": "^3.0.0",
     "uglifyjs": "^2.4.10"
   },
   "license": "MIT",

scripts/release.sh

@@ -31,7 +31,7 @@ rm -rf ${OUTPUT_DIR}
 mkdir -p ${OUTPUT_DIR}
 
 echo "Minifying ${OUTPUT_CSS_FILE} to ${OUTPUT_MIN_CSS_FILE}"
-postcss --use autoprefixer ${INPUT_CSS_FILE} -d ${OUTPUT_DIR}
+postcss --use autoprefixer -o ${OUTPUT_CSS_FILE} ${INPUT_CSS_FILE}
 cleancss --advanced --compatibility=ie8 -o ${OUTPUT_MIN_CSS_FILE} ${OUTPUT_CSS_FILE}
 
 echo "Pre-compile hogan.js templates"

src/line-by-line-printer.js

@@ -73,7 +73,7 @@
   LineByLinePrinter.prototype.makeColumnLineNumberHtml = function(block) {
     return hoganUtils.render(genericTemplatesPath, 'column-line-number', {
       diffParser: diffParser,
-      blockHeader: block.header,
+      blockHeader: utils.escape(block.header),
       lineClass: 'd2h-code-linenumber',
       contentClass: 'd2h-code-line'
     });

src/side-by-side-printer.js

@@ -71,7 +71,7 @@
   SideBySidePrinter.prototype.makeSideHtml = function(blockHeader) {
     return hoganUtils.render(genericTemplatesPath, 'column-line-number', {
       diffParser: diffParser,
-      blockHeader: blockHeader,
+      blockHeader: utils.escape(blockHeader),
       lineClass: 'd2h-code-side-linenumber',
       contentClass: 'd2h-code-side-line'
     });

src/utils.js

@@ -14,6 +14,9 @@
       .replace(/&/g, '&')
       .replace(/</g, '&lt;')
       .replace(/>/g, '&gt;')
+      .replace(/"/g, '&quot;')
+      .replace(/'/g, '&#x27;')
+      .replace(/\//g, '&#x2F;')
       .replace(/\t/g, '    ');
   };
 

test/diff2html-tests.js

@@ -288,5 +288,241 @@ describe('Diff2Html', function() {
       var result = Diff2Html.getPrettySideBySideHtmlFromDiff(diffExample1, {showFiles: true});
       assert.equal(htmlSideExample1WithFilesSummary, result);
     });
+
+    it('should generate pretty side by side html from diff with html on headers', function() {
+      var diffExample2 = 'diff --git a/CHANGELOG.md b/CHANGELOG.md\n' +
+        'index fc3e3f4..b486d10 100644\n' +
+        '--- a/CHANGELOG.md\n' +
+        '+++ b/CHANGELOG.md\n' +
+        '@@ -1,7 +1,6 @@\n' +
+        ' # Change Log\n' +
+        ' All notable changes to this project will be documented in this file.\n' +
+        ' This project adheres to [Semantic Versioning](http://semver.org/).\n' +
+        '-$a="<table><tr><td>Use the following format for additions: ` - VERSION: [feature/patch (if applicable)] Short description of change. Links to relevant issues/PRs.`\n' +
+        ' $a="<table><tr><td>\n' +
+        " $a=\"<table><tr><td>- 1.1.9: Fix around ubuntu's inability to cache promises. [#877](https://github.com/FredrikNoren/ungit/pull/878)\n" +
+        ' - 1.1.8:\n' +
+        "@@ -11,7 +10,7 @@ $a=\"<table><tr><td>- 1.1.9: Fix around ubuntu's inability to cache promises. [#8\n" +
+        ' - 1.1.7:\n' +
+        '     - Fix diff flickering issue and optimization [#865](https://github.com/FredrikNoren/ungit/pull/865)\n' +
+        '     - Fix credential dialog issue [#864](https://github.com/FredrikNoren/ungit/pull/864)\n' +
+        '-    - Fix HEAD branch order when redraw [#858](https://github.com/FredrikNoren/ungit/issues/858)\n' +
+        '+4    - Fix HEAD branch order when redraw [#858](https://github.com/FredrikNoren/ungit/issues/858)\n' +
+        ' - 1.1.6: Fix path auto complete [#861](https://github.com/FredrikNoren/ungit/issues/861)\n' +
+        ' - 1.1.5: Update "Toggle all" button after commit or changing selected files [#859](https://github.com/FredrikNoren/ungit/issues/859)\n' +
+        ' - 1.1.4: [patch] Promise refactoring\n' +
+        ' \n';
+
+      var htmlExample2 = '<div class="d2h-wrapper">\n' +
+        '    <div id="d2h-211439" class="d2h-file-wrapper" data-lang="md">\n' +
+        '    <div class="d2h-file-header">\n' +
+        '    <span class="d2h-file-name-wrapper">\n' +
+        '    <span class="d2h-icon-wrapper"><svg aria-hidden="true" class="d2h-icon" height="16" version="1.1" viewBox="0 0 12 16" width="12">\n' +
+        '    <path d="M6 5H2v-1h4v1zM2 8h7v-1H2v1z m0 2h7v-1H2v1z m0 2h7v-1H2v1z m10-7.5v9.5c0 0.55-0.45 1-1 1H1c-0.55 0-1-0.45-1-1V2c0-0.55 0.45-1 1-1h7.5l3.5 3.5z m-1 0.5L8 2H1v12h10V5z"></path>\n' +
+        '</svg></span>\n' +
+        '    <span class="d2h-file-name">CHANGELOG.md</span>\n' +
+        '    <span class="d2h-tag d2h-changed d2h-changed-tag">CHANGED</span></span>\n' +
+        '    </div>\n' +
+        '    <div class="d2h-file-diff">\n' +
+        '        <div class="d2h-code-wrapper">\n' +
+        '            <table class="d2h-diff-table">\n' +
+        '                <tbody class="d2h-diff-tbody">\n' +
+        '                <tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-info"></td>\n' +
+        '    <td class="d2h-info">\n' +
+        '        <div class="d2h-code-line d2h-info">@@ -1,7 +1,6 @@</div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-cntx">\n' +
+        '      <div class="line-num1">1</div>\n' +
+        '<div class="line-num2">1</div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-cntx">\n' +
+        '        <div class="d2h-code-line d2h-cntx">\n' +
+        '            <span class="d2h-code-line-prefix"> </span>\n' +
+        '            <span class="d2h-code-line-ctn"># Change Log</span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-cntx">\n' +
+        '      <div class="line-num1">2</div>\n' +
+        '<div class="line-num2">2</div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-cntx">\n' +
+        '        <div class="d2h-code-line d2h-cntx">\n' +
+        '            <span class="d2h-code-line-prefix"> </span>\n' +
+        '            <span class="d2h-code-line-ctn">All notable changes to this project will be documented in this file.</span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-cntx">\n' +
+        '      <div class="line-num1">3</div>\n' +
+        '<div class="line-num2">3</div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-cntx">\n' +
+        '        <div class="d2h-code-line d2h-cntx">\n' +
+        '            <span class="d2h-code-line-prefix"> </span>\n' +
+        '            <span class="d2h-code-line-ctn">This project adheres to [Semantic Versioning](http:&#x2F;&#x2F;semver.org&#x2F;).</span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-del">\n' +
+        '      <div class="line-num1">4</div>\n' +
+        '<div class="line-num2"></div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-del">\n' +
+        '        <div class="d2h-code-line d2h-del">\n' +
+        '            <span class="d2h-code-line-prefix">-</span>\n' +
+        '            <span class="d2h-code-line-ctn">$a=&quot;&lt;table&gt;&lt;tr&gt;&lt;td&gt;Use the following format for additions: ` - VERSION: [feature&#x2F;patch (if applicable)] Short description of change. Links to relevant issues&#x2F;PRs.`</span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-cntx">\n' +
+        '      <div class="line-num1">5</div>\n' +
+        '<div class="line-num2">4</div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-cntx">\n' +
+        '        <div class="d2h-code-line d2h-cntx">\n' +
+        '            <span class="d2h-code-line-prefix"> </span>\n' +
+        '            <span class="d2h-code-line-ctn">$a=&quot;&lt;table&gt;&lt;tr&gt;&lt;td&gt;</span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-cntx">\n' +
+        '      <div class="line-num1">6</div>\n' +
+        '<div class="line-num2">5</div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-cntx">\n' +
+        '        <div class="d2h-code-line d2h-cntx">\n' +
+        '            <span class="d2h-code-line-prefix"> </span>\n' +
+        '            <span class="d2h-code-line-ctn">$a=&quot;&lt;table&gt;&lt;tr&gt;&lt;td&gt;- 1.1.9: Fix around ubuntu&#x27;s inability to cache promises. [#877](https:&#x2F;&#x2F;github.com&#x2F;FredrikNoren&#x2F;ungit&#x2F;pull&#x2F;878)</span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-cntx">\n' +
+        '      <div class="line-num1">7</div>\n' +
+        '<div class="line-num2">6</div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-cntx">\n' +
+        '        <div class="d2h-code-line d2h-cntx">\n' +
+        '            <span class="d2h-code-line-prefix"> </span>\n' +
+        '            <span class="d2h-code-line-ctn">- 1.1.8:</span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr>\n' +
+        '<tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-info"></td>\n' +
+        '    <td class="d2h-info">\n' +
+        '        <div class="d2h-code-line d2h-info">@@ -11,7 +10,7 @@ $a=&quot;&lt;table&gt;&lt;tr&gt;&lt;td&gt;- 1.1.9: Fix around ubuntu&#x27;s inability to cache promises. [#8</div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-cntx">\n' +
+        '      <div class="line-num1">11</div>\n' +
+        '<div class="line-num2">10</div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-cntx">\n' +
+        '        <div class="d2h-code-line d2h-cntx">\n' +
+        '            <span class="d2h-code-line-prefix"> </span>\n' +
+        '            <span class="d2h-code-line-ctn">- 1.1.7:</span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-cntx">\n' +
+        '      <div class="line-num1">12</div>\n' +
+        '<div class="line-num2">11</div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-cntx">\n' +
+        '        <div class="d2h-code-line d2h-cntx">\n' +
+        '            <span class="d2h-code-line-prefix"> </span>\n' +
+        '            <span class="d2h-code-line-ctn">    - Fix diff flickering issue and optimization [#865](https:&#x2F;&#x2F;github.com&#x2F;FredrikNoren&#x2F;ungit&#x2F;pull&#x2F;865)</span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-cntx">\n' +
+        '      <div class="line-num1">13</div>\n' +
+        '<div class="line-num2">12</div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-cntx">\n' +
+        '        <div class="d2h-code-line d2h-cntx">\n' +
+        '            <span class="d2h-code-line-prefix"> </span>\n' +
+        '            <span class="d2h-code-line-ctn">    - Fix credential dialog issue [#864](https:&#x2F;&#x2F;github.com&#x2F;FredrikNoren&#x2F;ungit&#x2F;pull&#x2F;864)</span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-del">\n' +
+        '      <div class="line-num1">14</div>\n' +
+        '<div class="line-num2"></div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-del">\n' +
+        '        <div class="d2h-code-line d2h-del">\n' +
+        '            <span class="d2h-code-line-prefix">-</span>\n' +
+        '            <span class="d2h-code-line-ctn">    - Fix HEAD branch order when redraw [#858](https:&#x2F;&#x2F;github.com&#x2F;FredrikNoren&#x2F;ungit&#x2F;issues&#x2F;858)</span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-ins">\n' +
+        '      <div class="line-num1"></div>\n' +
+        '<div class="line-num2">13</div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-ins">\n' +
+        '        <div class="d2h-code-line d2h-ins">\n' +
+        '            <span class="d2h-code-line-prefix">+</span>\n' +
+        '            <span class="d2h-code-line-ctn"><ins>4</ins>    - Fix HEAD branch order when redraw [#858](https:&#x2F;&#x2F;github.com&#x2F;FredrikNoren&#x2F;ungit&#x2F;issues&#x2F;858)</span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-cntx">\n' +
+        '      <div class="line-num1">15</div>\n' +
+        '<div class="line-num2">14</div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-cntx">\n' +
+        '        <div class="d2h-code-line d2h-cntx">\n' +
+        '            <span class="d2h-code-line-prefix"> </span>\n' +
+        '            <span class="d2h-code-line-ctn">- 1.1.6: Fix path auto complete [#861](https:&#x2F;&#x2F;github.com&#x2F;FredrikNoren&#x2F;ungit&#x2F;issues&#x2F;861)</span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-cntx">\n' +
+        '      <div class="line-num1">16</div>\n' +
+        '<div class="line-num2">15</div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-cntx">\n' +
+        '        <div class="d2h-code-line d2h-cntx">\n' +
+        '            <span class="d2h-code-line-prefix"> </span>\n' +
+        '            <span class="d2h-code-line-ctn">- 1.1.5: Update &quot;Toggle all&quot; button after commit or changing selected files [#859](https:&#x2F;&#x2F;github.com&#x2F;FredrikNoren&#x2F;ungit&#x2F;issues&#x2F;859)</span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-cntx">\n' +
+        '      <div class="line-num1">17</div>\n' +
+        '<div class="line-num2">16</div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-cntx">\n' +
+        '        <div class="d2h-code-line d2h-cntx">\n' +
+        '            <span class="d2h-code-line-prefix"> </span>\n' +
+        '            <span class="d2h-code-line-ctn">- 1.1.4: [patch] Promise refactoring</span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr><tr>\n' +
+        '    <td class="d2h-code-linenumber d2h-cntx">\n' +
+        '      <div class="line-num1">18</div>\n' +
+        '<div class="line-num2">17</div>\n' +
+        '    </td>\n' +
+        '    <td class="d2h-cntx">\n' +
+        '        <div class="d2h-code-line d2h-cntx">\n' +
+        '            <span class="d2h-code-line-prefix"> </span>\n' +
+        '        </div>\n' +
+        '    </td>\n' +
+        '</tr>\n' +
+        '                </tbody>\n' +
+        '            </table>\n' +
+        '        </div>\n' +
+        '    </div>\n' +
+        '</div>\n' +
+        '</div>';
+
+      var result = Diff2Html.getPrettyHtmlFromDiff(diffExample2);
+      assert.equal(result, htmlExample2);
+    });
   });
 });

test/utils-tests.js

@@ -18,7 +18,7 @@ describe('Utils', function() {
     });
     it('should escape a string with multiple problematic characters', function() {
       var result = Utils.escape('<a href="#">\tlink text</a>');
-      var expected = '&lt;a href="#"&gt;    link text&lt;/a&gt;';
+      var expected = '&lt;a href=&quot;#&quot;&gt;    link text&lt;&#x2F;a&gt;';
       assert.equal(expected, result);
     });
   });