Skip to content

Commit

Permalink
Merge pull request #8544 from NREL/8542_EscapeHTML
Browse files Browse the repository at this point in the history 
Fix #8542 - Escape HTML characters.
  • Loading branch information
@Myoldmopar
Myoldmopar authored Mar 1, 2021
2 parents 171ad02 + 3610327 commit e5d85ad
Show file tree
Hide file tree
Showing 3 changed files with 113 additions and 13 deletions.
27 changes: 15 additions & 12 deletions src/EnergyPlus/OutputReportTabular.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3075,11 +3075,11 @@ namespace EnergyPlus::OutputReportTabular {
tbl_stream << "<a name=top></a>\n";
tbl_stream << "<p>Program Version:<b>" << VerString << "</b></p>\n";
tbl_stream << "<p>Tabular Output Report in Format: <b>HTML</b></p>\n";
tbl_stream << "<p>Building: <b>" << BuildingName << "</b></p>\n";
tbl_stream << "<p>Building: <b>" << ConvertToEscaped(BuildingName, false) << "</b></p>\n";
if (state.dataEnvrn->EnvironmentName == state.dataEnvrn->WeatherFileLocationTitle) {
tbl_stream << "<p>Environment: <b>" << state.dataEnvrn->EnvironmentName << "</b></p>\n";
tbl_stream << "<p>Environment: <b>" << ConvertToEscaped(state.dataEnvrn->EnvironmentName, false) << "</b></p>\n";
} else {
tbl_stream << "<p>Environment: <b>" << state.dataEnvrn->EnvironmentName << " ** " << state.dataEnvrn->WeatherFileLocationTitle << "</b></p>\n";
tbl_stream << "<p>Environment: <b>" << ConvertToEscaped(state.dataEnvrn->EnvironmentName, false) << " ** " << ConvertToEscaped(state.dataEnvrn->WeatherFileLocationTitle, false) << "</b></p>\n";
}
tbl_stream << "<p>Simulation Timestamp: <b>" << std::setw(4) << ort->td(1) << '-' << std::setfill('0') << std::setw(2) << ort->td(2) << '-'
<< std::setw(2) << ort->td(3) << '\n';
Expand Down Expand Up @@ -15325,7 +15325,7 @@ namespace EnergyPlus::OutputReportTabular {
for (iCol = 1; iCol <= colsColumnLabels; ++iCol) {
outputLine = " <td align=\"right\">";
for (jRow = 1; jRow <= maxNumColLabelRows; ++jRow) {
outputLine += colLabelMulti(iCol, jRow);
outputLine += ConvertToEscaped(colLabelMulti(iCol, jRow), false);
if (jRow < maxNumColLabelRows) {
outputLine += "<br>";
}
Expand All @@ -15337,13 +15337,13 @@ namespace EnergyPlus::OutputReportTabular {
for (jRow = 1; jRow <= rowsBody; ++jRow) {
tbl_stream << " <tr>\n";
if (rowLabels(jRow) != "") {
tbl_stream << " <td align=\"right\">" << InsertCurrencySymbol(state, rowLabels(jRow), true) << "</td>\n";
tbl_stream << " <td align=\"right\">" << ConvertToEscaped(InsertCurrencySymbol(state, rowLabels(jRow), true), false) << "</td>\n";
} else {
tbl_stream << " <td align=\"right\">&nbsp;</td>\n";
}
for (iCol = 1; iCol <= colsBody; ++iCol) {
if (body(iCol, jRow) != "") {
tbl_stream << " <td align=\"right\">" << InsertCurrencySymbol(state, body(iCol, jRow), true) << "</td>\n";
tbl_stream << " <td align=\"right\">" << ConvertToEscaped(InsertCurrencySymbol(state, body(iCol, jRow), true), false) << "</td>\n";
} else {
tbl_stream << " <td align=\"right\">&nbsp;</td>\n";
}
Expand Down Expand Up @@ -15678,7 +15678,7 @@ namespace EnergyPlus::OutputReportTabular {
return s;
}

std::string ConvertToEscaped(std::string const &inString) // Input String
std::string ConvertToEscaped(std::string const &inString, bool isXML) // Input String
{
// SUBROUTINE INFORMATION:
// AUTHOR Jason Glazer
Expand All @@ -15689,7 +15689,10 @@ namespace EnergyPlus::OutputReportTabular {
// PURPOSE OF THIS SUBROUTINE:
// Convert to XML safe escaped character string
// so it excludes:
// " ' < > &
// " ' < > & degree-sign
// If isXML=false, it does an HTML conversion, so only ` < > & ` and degree sign
// Technically HTML4 doesn't support &quot, though most browsers would anyways.
// Also, escaping single and double quotes is only needed inside attributes

if (inString.empty()) return "";

Expand All @@ -15702,11 +15705,11 @@ namespace EnergyPlus::OutputReportTabular {
while (true) {
if (index == inputSize) break;
c = inString[index++];
if (c == '\"') {
if ((c == '\"') && isXML) {
s += "&quot;";
} else if (c == '&') {
s += "&amp;";
} else if (c == '\'') {
} else if ((c == '\'') && isXML) {
s += "&apos;";
} else if (c == '<') {
s += "&lt;";
Expand All @@ -15731,9 +15734,9 @@ namespace EnergyPlus::OutputReportTabular {
} else if (c == '\\') {
if (index == inputSize) break;
c = inString[index++];
if (c == '"') {
if ((c == '"') && isXML) {
s += "&quot;";
} else if (c == '\'') {
} else if ((c == '\'') && isXML) {
s += "&apos;";
} else if (c == 'u' || c == 'x') {
int remainingLen = inputSize - index;
Expand Down
3 changes: 2 additions & 1 deletion src/EnergyPlus/OutputReportTabular.hh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -730,7 +730,8 @@ namespace OutputReportTabular {

std::string ConvertUnicodeToUTF8(unsigned long const codepoint);

std::string ConvertToEscaped(std::string const &inString); // Input String
std::string ConvertToEscaped(std::string const &inString, // Input String
bool isXML=true); // isXML if false assumes HTML and will not convert quotes and apostrophes, for HTML4

void DetermineBuildingFloorArea(EnergyPlusData &state);

Expand Down
96 changes: 96 additions & 0 deletions tst/EnergyPlus/unit/OutputReportTabular.unit.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@
#include <EnergyPlus/DataZoneEnergyDemands.hh>
#include <EnergyPlus/DataZoneEquipment.hh>
#include <EnergyPlus/ElectricPowerServiceManager.hh>
#include <EnergyPlus/FileSystem.hh>
#include <EnergyPlus/HeatBalanceSurfaceManager.hh>
#include <EnergyPlus/IOFiles.hh>
#include <EnergyPlus/InputProcessing/InputProcessor.hh>
Expand Down Expand Up @@ -9610,3 +9611,98 @@ TEST_F(SQLiteFixture, ORT_EndUseBySubcategorySQL_DualUnits)
ASSERT_EQ(13u, result.size()) << "Failed for query: " << query;
}
}


TEST_F(SQLiteFixture, OutputReportTabularTest_EscapeHTML)
{
// Test for #8542 - Ensures strings are escaped before going to HTML
EnergyPlus::sqlite->sqliteBegin();
EnergyPlus::sqlite->createSQLiteSimulationsRecord(1, "EnergyPlus Version", "Current Time");

auto &ort(state->dataOutRptTab);
ort->numStyles = 1;
ort->TableStyle(1) = OutputReportTabular::iTableStyle::HTML;
ort->del(1) = DataStringGlobals::CharSpace; // space - this is not used much for HTML output

ort->WriteTabularFiles = true;

SetupUnitConversions(*state);
ort->unitsStyle = OutputReportTabular::iUnitsStyle::JtoKWH;

SetPredefinedTables(*state);
std::string CompName = "My Coil <coil is DX>";

PreDefTableEntry(*state, state->dataOutRptPredefined->pdchDXCoolCoilType, CompName, "Coil:Cooling:DX:SingleSpeed");
// This would normally be called with numerics such as CompName, 0.006, 8, but I don't really care
PreDefTableEntry(*state, state->dataOutRptPredefined->pdch2CoilLvgHumRatIdealPeak, CompName, "My Design Day where it's >= 8\u00B0");
PreDefTableEntry(*state, state->dataOutRptPredefined->pdst2CoilSummaryCoilSelection, CompName, "My Design Day where it's >= 8\u00B0"); // this is >= 8 degree sign

// We enable the reports we care about, making sure we have the right ones
EXPECT_EQ("HVACSizingSummary", state->dataOutRptPredefined->reportName(6).name);
state->dataOutRptPredefined->reportName(6).show = true;

OutputReportTabular::OpenOutputTabularFile(*state);

WritePredefinedTables(*state);

OutputReportTabular::CloseOutputTabularFile(*state);

std::vector<std::string> lines = read_lines_in_file(DataStringGlobals::outputTblHtmFileName);

// Lambda helper to locate a line in the html file, and compare that line with the expected html after trimming
auto compare_html_output = [this, &lines](const std::string& lookup, const std::string& expectedHTMLString) {
std::string found_cell;
for (const auto& line: lines) {
if (line.find(lookup) != std::string::npos) {
found_cell = line;
break;
}
}
EXPECT_FALSE(found_cell.empty())
<< "Did not find the lookup string '" << lookup
<< "' string in the html output at '" << DataStringGlobals::outputTblHtmFileName
<< "'..." << '\n' << delimited_string(lines);

// Trim leading and trailing spaces
found_cell.erase(0, found_cell.find_first_not_of(' ')); // ltrim
found_cell.erase(found_cell.find_last_not_of(' ') + 1); // rtrim

EXPECT_EQ(expectedHTMLString, found_cell) << found_cell;
};

compare_html_output("My Coil", "<td align=\"right\">My Coil &lt;coil is DX&gt;</td>");

// Note that I DO NOT expect `'` to be escaped by `&apos;` like it would in xml. Technically HTML4 doesn't support that, though most browsers
// would anyways. Also, escaping single and double quotes is only needed inside attributes
compare_html_output("My Design Day", "<td align=\"right\">My Design Day where it's &gt;= 8&deg;</td>");


// We ensure that SQL doesn't have the same escape
for (const std::string reportName: {"HVACSizingSummary"}) {


auto result = queryResult("SELECT RowName, Value From TabularDataWithStrings "
"WHERE ReportName = \"" + reportName + "\""
" AND ColumnName = \"Coil Leaving Air Humidity Ratio at Ideal Loads Peak\"",
"TabularDataWithStrings");

EnergyPlus::sqlite->sqliteCommit();

EXPECT_EQ(1u, result.size());
// Because the table has 8 cols
EXPECT_EQ(8u, result[0].size());

// 0.006 is a ratio, so unitconv = 1
std::string s = result[0][0];
// Trim the string, it has leading spaces
//s.erase(std::remove_if(s.begin(), s.end(), ::isspace), s.end());

EXPECT_EQ("My Coil <coil is DX>", s);

EXPECT_EQ("My Design Day where it's >= 8\u00B0", result[0][1]);
}

// Clean up
FileSystem::removeFile(DataStringGlobals::outputTblHtmFileName);

}

1 comment on commit e5d85ad

@nrel-bot-3
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

develop (Myoldmopar) - x86_64-MacOS-10.15-clang-11.0.0: OK (2334 of 2334 tests passed, 0 test warnings)

Build Badge Test Badge

Please sign in to comment.