Handle HTML text including greater and less than symbols#2475
Merged
Conversation
lusassl-msft
previously approved these changes
Nov 6, 2025
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds HTML character escaping to prevent rendering issues when displaying text containing angle brackets (< and >) in HTML output. The changes introduce a new helper function GetHtmlTextValue that converts these special characters to their HTML entity equivalents before assigning values to DetailValue properties.
Key Changes:
- Added
GetHtmlTextValuehelper function to escape HTML special characters - Applied HTML escaping to all DetailValue assignments in both ServerDetails and OverviewValues sections
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
dpaulson45
force-pushed
the
dpaul-HcDevHtml
branch
from
3755a30 to
96fae99
Compare
Contributor
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Member
Author
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
dpaulson45
force-pushed
the
dpaul-HcDevHtml
branch
from
d52a679 to
39cedf5
Compare
Contributor
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Member
Author
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Member
Author
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Contributor
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
lusassl-msft
approved these changes
Nov 20, 2025
Member
Author
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
dpaulson45
force-pushed
the
dpaul-HcDevHtml
branch
from
b811b9b to
009b50f
Compare
Member
Author
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
This was referenced Jun 4, 2026
pull Bot
pushed a commit
to f0r3ns1cat0r/CSS-Exchange
that referenced
this pull request
Jun 5, 2026
…CVE detail row leaks - Convert plain-text URLs to clickable hyperlinks in HTML report (fixes #532) - Preserve <br> tags after HTML encoding in GetHtmlTextValue (PR microsoft#2475 regression) - Add AddHtmlDetailRow = $false to 9 Security Vulnerability entries that were leaking individual CVE rows into the HTML detail table instead of only appearing in the rolled-up Security Vulnerabilities summary row - Add Extract for Pester Testing markers to GetHtmlTextValue for testability - Add GetHtmlServerDetail and GetHtmlOverviewValue test helpers - Add 15 Pester tests: 11 unit tests for GetHtmlTextValue encoding/URL/br behavior and 4 integration tests for HTML report structure and CVE rendering Files fixed for missing AddHtmlDetailRow: - Invoke-AnalyzerSecurityADV24199947.ps1 - Invoke-AnalyzerSecurityCve-2022-21978.ps1 - Invoke-AnalyzerSecurityCve-2022-41040.NotPublished.ps1 - Invoke-AnalyzerSecurityCveAddressedBySerializedDataSigning.ps1 - Invoke-AnalyzerSecurityCveAndOverrideCheck.ps1 - Invoke-AnalyzerSecurityExtendedProtectionConfigState.ps1 (4 locations) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue:
When
<I>or<S>tags are within theTlsCertificateName, html table builds it with italics and strikethrough.Reason:
We should properly handle this to avoid HTML to use those as HTML tags.
Fix:
Change the text from
<and>to<and>for HTML text tags only.Validation:
Lab tested