Correctly escape HTML in source code listings.

Thanks to dmathieu! Fixes #2 :)
simplecov-ruby · Aug 25, 2010 · 4414054 · 4414054
1 parent 52532f0
commit 4414054
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/lib/simplecov-html.rb b/lib/simplecov-html.rb
@@ -1,4 +1,5 @@
 require 'erb'
+require 'cgi'
 require 'fileutils'
 require 'digest/sha1'
 require 'time'

diff --git a/views/source_file.erb b/views/source_file.erb
@@ -21,7 +21,7 @@
         <pre><%= line.number %></pre>
       </td>
       <td>
-        <pre><%= line.src.chomp %></pre>
+        <pre><%= CGI.escapeHTML(line.src.chomp) %></pre>
       </td>
       <td class="hits">
         <%= line.coverage %>