
Escape strings after they have been truncated.

Don't truncate strings after they have been escaped.  If you do,
there is a chance you will happen to truncate half-way through
an escape sequence, causing malformed output.
1 parent 02b07ad commit 93f5b1911bb5e94ee89f3df051c8fac09a3282fd Ryan Stone committed Jun 14, 2012
Showing with 8 additions and 4 deletions.
  1. +8 −4 flamegraph.pl
@@ -240,17 +240,21 @@ sub flow {
$info = "all samples ($samples samples, 100%)";
} else {
my $pct = sprintf "%.2f", ((100 * $samples) / $timemax);
- $func =~ s/&/&/g;
- $func =~ s/</&lt;/g;
- $func =~ s/>/&gt;/g;
- $info = "$func ($samples samples, $pct%)";
+ my $escaped_func = $func;
+ $escaped_func =~ s/&/&amp;/g;
+ $escaped_func =~ s/</&lt;/g;
+ $escaped_func =~ s/>/&gt;/g;
+ $info = "$escaped_func ($samples samples, $pct%)";
}
$im->filledRectangle($x1, $y1, $x2, $y2, color("hot"), 'rx="2" ry="2" onmouseover="s(' . "'$info'" . ')" onmouseout="c()"');
if ($width > 50) {
my $chars = int($width / (0.7 * $fontsize));
my $text = substr $func, 0, $chars;
$text .= ".." if $chars < length $func;
+ $text =~ s/&/&amp;/g;
+ $text =~ s/</&lt;/g;
+ $text =~ s/>/&gt;/g;
$im->stringTTF($black, $fonttype, $fontsize, 0.0, $x1 + 3, 3 + ($y1 + $y2) / 2, $text, "",
'onmouseover="s(' . "'$info'" . ')" onmouseout="c()"');
}
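Review bot: `$info` is placed inside a single-quoted JavaScript string within a double-quoted `onmouseover` attribute, but the new escaping of `$escaped_func` covers only `&`, `<` and `>`. A function name containing `'`, `"` or `\` would end the string or the attribute early, giving malformed SVG, or script that runs when the SVG is opened in a browser if symbol names come from an untrusted profile. Whether such names occur depends on the profiler input, which is not visible here. I would add `$escaped_func =~ s/(['\\])/\\$1/g;` before the `&` substitution and `$escaped_func =~ s/"/&quot;/g;` after the `>` one. For `$text` the three substitutions should be enough, assuming `stringTTF` emits it as element content; the body of `flow` starts and ends outside this hunk.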
