From 073e341faf1ef56afb5a00061bf116c9ed3b3f13 Mon Sep 17 00:00:00 2001
From: Yoshiya Hinosawa <stibium121@gmail.com>
Date: Mon, 11 Dec 2023 19:24:20 +0900
Subject: fix(coverage): escape source code in html coverage report (#21531)

---
 cli/tools/coverage/reporter.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'cli/tools/coverage/reporter.rs')

diff --git a/cli/tools/coverage/reporter.rs b/cli/tools/coverage/reporter.rs
index da8982b8d..e94b54255 100644
--- a/cli/tools/coverage/reporter.rs
+++ b/cli/tools/coverage/reporter.rs
@@ -512,7 +512,7 @@ impl HtmlCoverageReporter {
   /// Creates <table> of single file code coverage.
   pub fn create_html_code_table(
     &self,
-    file_text: &String,
+    file_text: &str,
     report: &CoverageReport,
   ) -> String {
     let line_num = file_text.lines().count();
@@ -548,6 +548,11 @@ impl HtmlCoverageReporter {
       .collect::<Vec<_>>()
       .join("\n");
 
+    let file_text = file_text
+      .replace('&', "&amp;")
+      .replace('<', "&lt;")
+      .replace('>', "&gt;");
+
     // TODO(kt3k): Add syntax highlight to source code
     format!(
       "<table class='coverage'>
-- 
cgit v1.2.3