-
Notifications
You must be signed in to change notification settings - Fork 123
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't use rexml for the JUnit formatter #374
Conversation
@@ -4,7 +4,6 @@ | |||
require "spec_utils" | |||
require "erb_lint/cli" | |||
require "erb_lint/cache" | |||
require "pp" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is needed. Somehow the load order is now different, so this now runs into fakefs/fakefs#215
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, a few comments about escaping.
What you're doing seems safe but still, let's always escape whole strings.
else | ||
offenses.each do |offense| | ||
type = offense.simple_name | ||
message = "#{type}: #{xml_escape(offense.message)}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we escape the whole string instead?
|
||
puts %( <testcase name="#{filename}" file="#{filename}" lineno="#{offense.line_number}">) | ||
puts %( <failure message="#{message}" type="#{type}">) | ||
puts %( #{message} at #{filename}:#{offense.line_number}:#{offense.column}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here, instead of separately escaping message
and filename
, can we escape the whole string once?
testsuite_element.add_element(create_properties) | ||
puts %( <properties>) | ||
PROPERTIES.each do |key, value| | ||
puts %( <property name="#{key}" value="#{value}"/>) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's little risk but we should still be escaping all the attributes we pass IMO.
Closes Shopify#371 Follows rubocop/rubocop#13165 This leaves the output mostly the same, except that text is no longer wrapped in CDATA. Some things possibly need to be escaped now, and CDATA has different escaping needs. So, just use the same escaping everywhere
5ed086c
to
12e1659
Compare
Yeah, sure. It shouldn't matter much. I just added escaping to pretty much everything now. |
Closes #371
Follows rubocop/rubocop#13165
This leaves the output mostly the same, except that text is no longer wrapped in CDATA. Some things possibly need to be escaped now, and CDATA has different escaping needs. So, just use the same escaping everywhere