Merge pull request #1420 from daniel-beck/JENKINS-16184

[JENKINS-16184] Also escape greater-than character
jenkinsci · Oct 10, 2014 · d158334 · d158334
2 parents aac8c23 + daacb02
commit d158334
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 6 deletions.
diff --git a/core/src/main/java/hudson/Util.java b/core/src/main/java/hudson/Util.java
@@ -900,6 +900,9 @@ public static String escape(@Nonnull String text) {
             if(ch=='<')
                 buf.append("&lt;");
             else
+            if(ch=='>')
+                buf.append("&gt;");
+            else
             if(ch=='&')
                 buf.append("&amp;");
             else
@@ -930,6 +933,9 @@ public static String xmlEscape(@Nonnull String text) {
             if(ch=='<')
                 buf.append("&lt;");
             else
+            if(ch=='>')
+                buf.append("&gt;");
+            else
             if(ch=='&')
                 buf.append("&amp;");
             else

diff --git a/core/src/test/java/hudson/FunctionsTest.java b/core/src/test/java/hudson/FunctionsTest.java
@@ -336,7 +336,7 @@ private void assertBrokenAs(String plain, String... chunks) {
     @Test public void printLogRecordHtml() throws Exception {
         LogRecord lr = new LogRecord(Level.INFO, "Bad input <xml/>");
         lr.setLoggerName("test");
-        assertEquals("Bad input &lt;xml/>\n", Functions.printLogRecordHtml(lr, null)[3]);
+        assertEquals("Bad input &lt;xml/&gt;\n", Functions.printLogRecordHtml(lr, null)[3]);
     }
 
 }
diff --git a/core/src/test/java/hudson/MarkupTextTest.java b/core/src/test/java/hudson/MarkupTextTest.java
@@ -96,9 +96,9 @@ public void testEscape() {
 
     public void testPreEscape() {
         MarkupText text = new MarkupText("Line\n2   & 3\n<End>\n");
-        assertEquals("Line\n2   &amp; 3\n&lt;End>\n", text.toString(true));
+        assertEquals("Line\n2   &amp; 3\n&lt;End&gt;\n", text.toString(true));
         text.addMarkup(4, "<hr/>");
-        assertEquals("Line<hr/>\n2   &amp; 3\n&lt;End>\n", text.toString(true));
+        assertEquals("Line<hr/>\n2   &amp; 3\n&lt;End&gt;\n", text.toString(true));
     }
 
     /* @Bug(6252) */

diff --git a/core/src/test/java/hudson/UtilTest.java b/core/src/test/java/hudson/UtilTest.java
@@ -267,7 +267,7 @@ public void testIsSymlink() throws IOException, InterruptedException {
     @Test
     public void testHtmlEscape() {
         assertEquals("<br>", Util.escape("\n"));
-        assertEquals("&lt;a>", Util.escape("<a>"));
+        assertEquals("&lt;a&gt;", Util.escape("<a>"));
         assertEquals("&#039;&quot;", Util.escape("'\""));
         assertEquals("&nbsp; ", Util.escape("  "));
     }

diff --git a/core/src/test/java/hudson/console/UrlAnnotatorTest.java b/core/src/test/java/hudson/console/UrlAnnotatorTest.java
@@ -39,14 +39,14 @@ public class UrlAnnotatorTest {
 
     @Test
     public void testAnnotate() {
-        assertEquals("Hello &lt;foo><a href='http://foo/'>http://foo/</a>&lt;/foo> Bye",
+        assertEquals("Hello &lt;foo&gt;<a href='http://foo/'>http://foo/</a>&lt;/foo&gt; Bye",
                      annotate("Hello <foo>http://foo/</foo> Bye"));
 
         assertEquals("Hello [foo]<a href='http://foo/bar.txt'>http://foo/bar.txt</a>[/foo] Bye",
                      annotate("Hello [foo]http://foo/bar.txt[/foo] Bye"));
 
         assertEquals("Hello '<a href='http://foo'>http://foo</a>' or \"<a href='ftp://bar'>"
-                + "ftp://bar</a>\" or &lt;<a href='https://baz/'>https://baz/</a>> or (<a "
+                + "ftp://bar</a>\" or &lt;<a href='https://baz/'>https://baz/</a>&gt; or (<a "
                 + "href='http://a.b.c/x.y'>http://a.b.c/x.y</a>) Bye",
                 annotate("Hello 'http://foo' or \"ftp://bar\" or <https://baz/> or (http://a.b.c/x.y) Bye"));