From 52e66a0372914407db70bd864047f7db800076bb Mon Sep 17 00:00:00 2001 From: Kienan Stewart Date: Fri, 7 Oct 2022 17:31:30 -0400 Subject: [PATCH] Don't escape HTML entities in RSS feed output There is a risk I guess that the the value and diff contain which would break the sort of HTML content, but the important part was to convert the ansi escapes codes rather than escape HTML. The HTML escaping of the ansi_to_html module is also on a partial escape, and not very robust. It might be worth using something like htmlize or html_escape which provide full conversions to both encoding and decoding HTML entities. --- src/job.rs | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/src/job.rs b/src/job.rs index d5978e9..fef343d 100644 --- a/src/job.rs +++ b/src/job.rs @@ -189,8 +189,8 @@ Diff:
"#, update_time.format("%d/%m/%Y %H:%M"), - ansi_to_html::convert_escaped(value).unwrap().as_str(), - ansi_to_html::convert_escaped(diff).unwrap().as_str() + value, + ansi_to_html::convert(diff, false, true).unwrap().as_str() ) ) .build(); @@ -287,6 +287,21 @@ output_file = ./src/job_example.rss assert_eq!(job.last_value().unwrap(), "Version 1.64.0"); } + #[test] + fn recover_value_from_channel_html_escapes() { + let conf = Conf::get_default_conf(); + let output_file = NamedTempFile::new().unwrap(); + let mut job_file = NamedTempFile::new().unwrap(); + let mut job = Job::new("example", "selector", &conf); + job.output_file = Some(output_file.path().to_path_buf()); + writeln!(job_file, "url = example").expect("write failed"); + writeln!(job_file, "output_file = {}", output_file.path().display()).expect("write failed"); + let value = "Update that contains html
"; + job.update(value, "diff"); + let job2 = Job::from_file(job_file.path(), &conf).expect("Failed to read conf file"); + assert_eq!(job2.last_value().unwrap(), value); + } + #[test] fn new_updates_have_different_guids() { let conf = Conf::get_default_conf();