From c79f9ea606d072176533b22813653f9fd26940af Mon Sep 17 00:00:00 2001 From: Nate Matykiewicz Date: Sat, 4 Apr 2020 23:20:22 -0500 Subject: [PATCH] [ruby/rdoc] Escape method names in HTML The following is invalid HTML: <<

Incorrect: << Correct: << Fixes #761 https://github.com/ruby/rdoc/commit/b120d087f6 --- lib/rdoc/markup/to_html_crossref.rb | 2 +- test/rdoc/test_rdoc_markup_to_html_crossref.rb | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/lib/rdoc/markup/to_html_crossref.rb b/lib/rdoc/markup/to_html_crossref.rb index 9314f04fae..4a3f028135 100644 --- a/lib/rdoc/markup/to_html_crossref.rb +++ b/lib/rdoc/markup/to_html_crossref.rb @@ -144,7 +144,7 @@ class RDoc::Markup::ToHtmlCrossref < RDoc::Markup::ToHtml path = ref.as_href @from_path if code and RDoc::CodeObject === ref and !(RDoc::TopLevel === ref) - text = "#{text}" + text = "#{CGI.escapeHTML text}" end if path =~ /#/ then diff --git a/test/rdoc/test_rdoc_markup_to_html_crossref.rb b/test/rdoc/test_rdoc_markup_to_html_crossref.rb index bac2569f87..70306c683d 100644 --- a/test/rdoc/test_rdoc_markup_to_html_crossref.rb +++ b/test/rdoc/test_rdoc_markup_to_html_crossref.rb @@ -89,6 +89,20 @@ class TestRDocMarkupToHtmlCrossref < XrefTestCase assert_equal para("C1::%"), result end + def test_convert_RDOCLINK_rdoc_ref_method_escape_html + m = @c1.add_method RDoc::AnyMethod.new nil, '<<' + m.singleton = false + + result = @to.convert 'rdoc-ref:C1#<<' + + assert_equal para("C1#<<"), result + m.singleton = true + + result = @to.convert 'rdoc-ref:C1::<<' + + assert_equal para("C1::<<"), result + end + def test_convert_RDOCLINK_rdoc_ref_method_percent_label m = @c1.add_method RDoc::AnyMethod.new nil, '%' m.singleton = false