Commit 060f404

makenowjust authored and ysbaddaden committed
Doc: escape string array literal as HTML to prevent XSS
1 parent ebf6006 commit 060f404

1 file changed

+1
-1
lines changed

src/compiler/crystal/tools/doc/highlighter.cr

@@ -119,7 +119,7 @@ module Crystal::Doc::Highlighter
119119
case token.type
120120
when :STRING
121121
io << " " unless first
122-
io << token.value
122+
HTML.escape(token.raw, io)
123123
first = false
124124
when :STRING_ARRAY_END
125125
io << ")"
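Review bot: On the `when :STRING` branch (new line 122), the replacement changes two things at once: it HTML-escapes the output and it switches the source from `token.value` to `token.raw`, while the commit message mentions only escaping. Please confirm that `token.raw` is the intended text for string array elements and note the reason in the commit message or a short comment, in case the two differ for some element. The change touches one file and carries no spec; a highlighter spec with a string array element containing `<`, `>` or `&` would pin the escaped output so this does not regress.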
