fix(coverage): escape source code in html coverage report (#21531)

author: Yoshiya Hinosawa <stibium121@gmail.com> 2023-12-11 19:24:20 +0900
committer: GitHub <noreply@github.com> 2023-12-11 19:24:20 +0900
commit: 073e341faf1ef56afb5a00061bf116c9ed3b3f13 (patch)
tree: 803aed5381911b923e8ad326eb68f6290b5b6c28 /cli/tools/coverage/reporter.rs
parent: e9ab9ba9f0c47f01ebc41f3013b3f78962aaeca7 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/cli/tools/coverage/reporter.rs b/cli/tools/coverage/reporter.rs
index da8982b8d..e94b54255 100644
--- a/cli/tools/coverage/reporter.rs
+++ b/cli/tools/coverage/reporter.rs
@@ -512,7 +512,7 @@ impl HtmlCoverageReporter {
   /// Creates <table> of single file code coverage.
   pub fn create_html_code_table(
     &self,
-    file_text: &String,
+    file_text: &str,
     report: &CoverageReport,
   ) -> String {
     let line_num = file_text.lines().count();
@@ -548,6 +548,11 @@ impl HtmlCoverageReporter {
       .collect::<Vec<_>>()
       .join("\n");
 
+    let file_text = file_text
+      .replace('&', "&amp;")
+      .replace('<', "&lt;")
+      .replace('>', "&gt;");
+
     // TODO(kt3k): Add syntax highlight to source code
     format!(
       "<table class='coverage'>
author	Yoshiya Hinosawa <stibium121@gmail.com>	2023-12-11 19:24:20 +0900
committer	GitHub <noreply@github.com>	2023-12-11 19:24:20 +0900
commit	073e341faf1ef56afb5a00061bf116c9ed3b3f13 (patch)
tree	803aed5381911b923e8ad326eb68f6290b5b6c28 /cli/tools/coverage/reporter.rs
parent	e9ab9ba9f0c47f01ebc41f3013b3f78962aaeca7 (diff)