HTML-Tags not escaped on GitLab Pull Request Decoration #93

Closed
dreistromlandMf opened this issue Feb 19, 2020 · 1 comment
Labels
bug Something isn't working

Comments

dreistromlandMf commented Feb 19, 2020

Some issues from SonarQube will contain HTML-Tags which are not escaped.

To Reproduce
Steps to reproduce the behavior:

  1. Scan a GitLab Merge Request with bogus HTML, such as an <i> Tag [provided that rule is activated]
  2. Check the comments for that error

Expected behavior
Escaped HTML output

Screenshots
A message on a GitLab MR: Replace this <i> tag by <em>. Instead of the Tag Names, the part after this is in italics.
Browser Developer Console showing the above sentence. The browser has interpreted the i and em tags.

Software Versions

  • SonarQube Version: Community Edition 8.1 (build 31237) via Docker
  • Plugin Version: cae9131 (sq-8_1-support)
  • GitLab Version: Community Edition 12.7.4 via Docker
  • GitLab Runner Version: 12.7.1 via Docker

Additional context
This section is intentionally left blank.

@dreistromlandMf dreistromlandMf added the bug Something isn't working label Feb 19, 2020
teuno pushed a commit to PiekJ/sonarqube-community-branch-plugin that referenced this issue Aug 3, 2020
…ation.

Added htmlEscaping to Textformatter and removed whitespace and begin and end for the text.
mc1arke pushed a commit that referenced this issue Oct 24, 2020
Adds html escaping to the Markdown text formatter and removes whitespace from the beginning and end of the text.
@mc1arke mc1arke added awaiting release Merged but not currently in release version backport candidate This feature or fix should be included in another release branch labels Oct 26, 2020

mc1arke commented Oct 27, 2020

Released in 1.5.0 of the plugin

@mc1arke mc1arke closed this as completed Oct 27, 2020
@mc1arke mc1arke removed awaiting release Merged but not currently in release version backport candidate This feature or fix should be included in another release branch labels Sep 13, 2021
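
The fix described by the referenced commits (HTML-escaping the text a Markdown formatter emits and trimming it), shown beside the unescaped behaviour from the report. This is an added example, not the plugin's code; the class and method names are hypothetical and the sample messages are constructed from the one quoted in the issue.

```java
// Added example: hypothetical names, not the plugin's own classes.
public class MarkdownTextEscapeDemo {

    // Before: the message is copied into the Markdown comment as-is, so the
    // renderer treats <i> and <em> as inline HTML.
    static String formatTextUnescaped(String content) {
        return content;
    }

    // After: trim surrounding whitespace, then replace the characters that can
    // start a tag, an entity or an attribute value with HTML entities.
    // A single pass over the characters avoids escaping the '&' of an entity
    // that this method has just written.
    static String formatTextEscaped(String content) {
        if (content == null) {
            return "";
        }
        String trimmed = content.trim();
        StringBuilder out = new StringBuilder(trimmed.length() + 16);
        for (int i = 0; i < trimmed.length(); i++) {
            char c = trimmed.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: the message from the issue, padded with whitespace.
        String message = "  Replace this <i> tag by <em>.\n";
        System.out.println("before: [" + formatTextUnescaped(message) + "]");
        System.out.println("after:  [" + formatTextEscaped(message) + "]");
        // Input that already contains an entity is escaped again, so a literal
        // "&lt;" in a message is displayed as typed instead of becoming "<".
        System.out.println("entity: [" + formatTextEscaped("use &lt; here") + "]");
    }
}
```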