Encode all HTML entities

xtermjs · Apr 21, 2024 · d98edea · d98edea
1 parent 1709d44
commit d98edea
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 10 deletions.
diff --git a/addons/addon-serialize/src/SerializeAddon.test.ts b/addons/addon-serialize/src/SerializeAddon.test.ts
@@ -145,7 +145,8 @@ describe('SerializeAddon', () => {
       const output = serializeAddon.serializeAsHTML({
         onlySelection: true
       });
-      assert.equal((output.match(/<div><span>&lt;a>&amp;pi;<\/span><\/div>/g) || []).length, 1, output);
+      const spanContent = output.match(/<span>([^<]+)<\/span>/)![1];
+      assert.equal(spanContent, '&#60;a&#62;&#38;pi;');
     });
 
     it('cells with bold styling', async () => {

diff --git a/addons/addon-serialize/src/SerializeAddon.ts b/addons/addon-serialize/src/SerializeAddon.ts
@@ -14,14 +14,6 @@ function constrain(value: number, low: number, high: number): number {
   return Math.max(low, Math.min(value, high));
 }
 
-function escapeHTMLChar(c: string): string {
-  switch (c) {
-    case '&': return '&amp;';
-    case '<': return '&lt;';
-  }
-  return c;
-}
-
 // TODO: Refine this template class later
 abstract class BaseSerializeHandler {
   constructor(
@@ -677,7 +669,10 @@ export class HTMLSerializeHandler extends BaseSerializeHandler {
     if (isEmptyCell) {
       this._currentRow += ' ';
     } else {
-      this._currentRow += escapeHTMLChar(cell.getChars());
+      // Encode HTML entities
+      this._currentRow += cell.getChars().replace(/[\u00A0-\u9999<>\&]/gim, function(i) {
+        return '&#' + i.charCodeAt(0) + ';';
+      });
     }
   }