From cdb45c743f63eaa56b1e2e2594bcf5fd86151d9b Mon Sep 17 00:00:00 2001
From: sawka
Date: Fri, 29 Mar 2024 00:30:29 -0700
Subject: [PATCH 1/3] escape special html characters in addon-serialize
---
 addons/addon-serialize/src/SerializeAddon.test.ts | 10 ++++++++++
 addons/addon-serialize/src/SerializeAddon.ts | 10 +++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/addons/addon-serialize/src/SerializeAddon.test.ts b/addons/addon-serialize/src/SerializeAddon.test.ts
index ac485e549f..5899ad8091 100644
--- a/addons/addon-serialize/src/SerializeAddon.test.ts
+++ b/addons/addon-serialize/src/SerializeAddon.test.ts
@@ -138,6 +138,16 @@ describe('SerializeAddon', () => {
 assert.equal((output.match(/
terminal<\/span><\/div>/g) || []).length, 1, output);
 });
+ it('basic terminal with html unsafe chars', async () => {
+ await writeP(terminal, ' ');
+ terminal.select(1, 0, 37);
+
+ const output = serializeAddon.serializeAsHTML({
+ onlySelection: true
+ });
+ assert.equal((output.match(/
<script>alert("&pi; = 3.14")<\/script><\/span><\/div>/g) || []).length, 1, output);
+ });
+
 it('cells with bold styling', async () => {
 await writeP(terminal, ' ' + sgr('1') + 'terminal' + sgr('22') + ' ');
diff --git a/addons/addon-serialize/src/SerializeAddon.ts b/addons/addon-serialize/src/SerializeAddon.ts
index e654eddbee..0f87885fe3 100644
--- a/addons/addon-serialize/src/SerializeAddon.ts
+++ b/addons/addon-serialize/src/SerializeAddon.ts
@@ -14,6 +14,14 @@ function constrain(value: number, low: number, high: number): number {
 return Math.max(low, Math.min(value, high));
 }
+function escapeHtmlChar(c: string): string {
+ switch (c) {
+ case '&': return '&';
+ case '<': return '<';
+ }
+ return c;
+}
+
 // TODO: Refine this template class later
 abstract class BaseSerializeHandler {
 constructor(
@@ -669,7 +677,7 @@ export class HTMLSerializeHandler extends BaseSerializeHandler {
 if (isEmptyCell) {
 this._currentRow += ' ';
 } else {
- this._currentRow += cell.getChars();
+ this._currentRow += escapeHtmlChar(cell.getChars());
 }
 }
From 55e34cb174106ffefa6afb636bbc291eee72c897 Mon Sep 17 00:00:00 2001
From: sawka
Date: Fri, 29 Mar 2024 00:44:02 -0700
Subject: [PATCH 2/3] fix unit test (test terminal only has 10 cols)
---
 addons/addon-serialize/src/SerializeAddon.test.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/addons/addon-serialize/src/SerializeAddon.test.ts b/addons/addon-serialize/src/SerializeAddon.test.ts
index 5899ad8091..7cb071bffb 100644
--- a/addons/addon-serialize/src/SerializeAddon.test.ts
+++ b/addons/addon-serialize/src/SerializeAddon.test.ts
@@ -139,13 +139,13 @@ describe('SerializeAddon', () => {
 });
 it('basic terminal with html unsafe chars', async () => {
- await writeP(terminal, ' ');
- terminal.select(1, 0, 37);
+ await writeP(terminal, ' π ');
+ terminal.select(1, 0, 7);
 const output = serializeAddon.serializeAsHTML({
 onlySelection: true
 });
- assert.equal((output.match(/
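Review bot: `escapeHtmlChar` compares its whole argument against `'&'` and `'<'`, but the call site in the `@@ -669,7 +677,7 @@` hunk passes `cell.getChars()`, which as far as I know can return more than one code unit for a single cell (a base character plus combining marks), so such a cell would fall through to `return c` unescaped. Escaping every occurrence in the string closes that gap: `return c.replace(/&/g, '&amp;').replace(/</g, '&lt;');`. As rendered on this page the two `return` values read `'&'` and `'<'`, presumably because the page decoded the entities; in the file they have to be the `&amp;` and `&lt;` entities or the function is a no-op. Only `&` and `<` are handled, which is enough for element text but not for attribute values, so a comment such as `// text-node context only; not safe for attribute values` would keep the helper from being reused there. The test added in this patch covers only single-character cells, so a case with a multi-code-unit cell would pin the behaviour.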
<script>alert("&pi; = 3.14")<\/script><\/span><\/div>/g) || []).length, 1, output);
+ assert.equal((output.match(/
<a>&pi;<\/span><\/div>/g) || []).length, 1, output);
 });
 it('cells with bold styling', async () => {
From 431045619e8f9cf314738e5aeece56d709cfbe30 Mon Sep 17 00:00:00 2001
From: sawka
Date: Fri, 29 Mar 2024 10:26:44 -0700
Subject: [PATCH 3/3] match capitalization of HTML with the rest of the file
---
 addons/addon-serialize/src/SerializeAddon.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/addons/addon-serialize/src/SerializeAddon.ts b/addons/addon-serialize/src/SerializeAddon.ts
index 0f87885fe3..cd15cfc373 100644
--- a/addons/addon-serialize/src/SerializeAddon.ts
+++ b/addons/addon-serialize/src/SerializeAddon.ts
@@ -14,7 +14,7 @@ function constrain(value: number, low: number, high: number): number {
 return Math.max(low, Math.min(value, high));
 }
-function escapeHtmlChar(c: string): string {
+function escapeHTMLChar(c: string): string {
 switch (c) {
 case '&': return '&';
 case '<': return '<';
@@ -677,7 +677,7 @@ export class HTMLSerializeHandler extends BaseSerializeHandler {
 if (isEmptyCell) {
 this._currentRow += ' ';
 } else {
- this._currentRow += escapeHtmlChar(cell.getChars());
+ this._currentRow += escapeHTMLChar(cell.getChars());
 }
 }