peter/go-gitea
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

escaping csv column content

Browse Source
This commit is contained in:
Lunny Xiao 2018-07-20 10:20:36 +08:00
parent 5304fa6bf4
commit 8da44d1844
No known key found for this signature in database
GPG Key ID: C3B7C91B632F738A
2 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules/markup/csv/csv.go
View File

@ -7,6 +7,7 @@ package markup
import ( import (
"bytes" "bytes"
"encoding/csv" "encoding/csv"
"html"
"io" "io"
"code.gitea.io/gitea/modules/markup" "code.gitea.io/gitea/modules/markup"
@ -46,7 +47,7 @@ func (Parser) Render(rawBytes []byte, urlPrefix string, metas map[string]string,
tmpBlock.WriteString("<tr>") tmpBlock.WriteString("<tr>")
for _, field := range fields { for _, field := range fields {
tmpBlock.WriteString("<td>") tmpBlock.WriteString("<td>")
tmpBlock.WriteString(field) tmpBlock.WriteString(html.EscapeString(field))
tmpBlock.WriteString("</td>") tmpBlock.WriteString("</td>")
} }
tmpBlock.WriteString("<tr>") tmpBlock.WriteString("<tr>")

25
modules/markup/csv/csv_test.go Normal file
View File

@ -0,0 +1,25 @@
// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package markup
import (
"testing"
"github.com/stretchr/testify/assert"
)
func TestRenderCSV(t *testing.T) {
var parser Parser
var kases = map[string]string{
"a": "<table class=\"table\"><tr><td>a</td><tr></table>",
"1,2": "<table class=\"table\"><tr><td>1</td><td>2</td><tr></table>",
"<br/>": "<table class=\"table\"><tr><td>&lt;br/&gt;</td><tr></table>",
}
for k, v := range kases {
res := parser.Render([]byte(k), "", nil, false)
assert.EqualValues(t, v, string(res))
}
}