Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rustdoc: HTML-escape Rust code (from constants) #33372

Merged
merged 1 commit into from
May 5, 2016
Merged

rustdoc: HTML-escape Rust code (from constants) #33372

merged 1 commit into from
May 5, 2016

Conversation

birkenfeld
Copy link
Contributor

Especially in cases like the one in the test file, this can blow up the rendering big time if string constants in the code contain HTML.

But also other constants can contain special chars (e.g. & as an operator in constant expressions).

@birkenfeld
rustdoc: HTML-escape Rust code (from constants)
1bcf41e 
Especially in cases like the one in the test file, this can blow
up the docs big time if string constants in the code contain HTML.

But also other constants can contain special chars (e.g. `&` as an
operator in constant expressions).
@rust-highfive
Copy link
Collaborator

r? @cmr

(rust_highfive has picked a reviewer for you, use r? to override)

@emberian
Copy link
Member

emberian commented May 3, 2016

Eek, that's concerning. Rustdoc really shouldn't have injection attacks!

@emberian
Copy link
Member

emberian commented May 3, 2016

@bors r+

@bors
Copy link
Contributor

bors commented May 3, 2016

📌 Commit 1bcf41e has been approved by cmr

@Manishearth Manishearth mentioned this pull request May 3, 2016
Merged
Manishearth added a commit to Manishearth/rust that referenced this pull request May 3, 2016
@Manishearth
Rollup merge of rust-lang#33372 - birkenfeld:rustdoc-escape-code, r=cmr
631e7b4 
rustdoc: HTML-escape Rust code (from constants)

Especially in cases like the one in the test file, this can blow up the rendering big time if string constants in the code contain HTML.

But also other constants can contain special chars (e.g. `&` as an operator in constant expressions).
bors added a commit that referenced this pull request May 3, 2016
@bors
Auto merge of #33376 - Manishearth:rollup, r=Manishearth
1fb4b5b 
Rollup of 14 pull requests

- Successful merges: #33277, #33294, #33314, #33322, #33333, #33338, #33339, #33340, #33343, #33357, #33363, #33365, #33371, #33372
- Failed merges:
bors added a commit that referenced this pull request May 3, 2016
@bors
Auto merge of #33376 - Manishearth:rollup, r=Manishearth
f7125fc 
Rollup of 14 pull requests

- Successful merges: #33277, #33294, #33314, #33322, #33333, #33338, #33339, #33340, #33343, #33357, #33363, #33365, #33371, #33372
- Failed merges:
bors added a commit that referenced this pull request May 4, 2016
@bors
Auto merge of #33376 - Manishearth:rollup, r=Manishearth
1895d08 
Rollup of 14 pull requests

- Successful merges: #33277, #33294, #33314, #33322, #33333, #33338, #33339, #33340, #33343, #33357, #33363, #33365, #33371, #33372
- Failed merges:
bors added a commit that referenced this pull request May 4, 2016
@bors
Auto merge of #33376 - Manishearth:rollup, r=Manishearth
7a0ccc4 
Rollup of 14 pull requests

- Successful merges: #33277, #33294, #33314, #33322, #33333, #33338, #33339, #33340, #33343, #33357, #33363, #33365, #33371, #33372
- Failed merges:
@bors bors merged commit 1bcf41e into rust-lang:master May 5, 2016
@birkenfeld birkenfeld deleted the rustdoc-escape-code branch May 6, 2016 04:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@emberian emberian

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@birkenfeld @rust-highfive @emberian @bors