github(summary): escape HTML when printing build error

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
docker · Jun 20, 2024 · ade0827 · ade0827
1 parent b5ae9cc
commit ade0827
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 1 deletion.
diff --git a/package.json b/package.json
@@ -60,6 +60,7 @@
     "csv-parse": "^5.5.6",
     "gunzip-maybe": "^1.4.2",
     "handlebars": "^4.7.8",
+    "he": "^1.2.0",
     "js-yaml": "^4.1.0",
     "jwt-decode": "^4.0.0",
     "semver": "^7.6.2",
@@ -69,6 +70,7 @@
   "devDependencies": {
     "@types/csv-parse": "^1.2.2",
     "@types/gunzip-maybe": "^1.4.2",
+    "@types/he": "^1.2.3",
     "@types/js-yaml": "^4.0.9",
     "@types/node": "^20.12.10",
     "@types/semver": "^7.5.8",

diff --git a/src/github.ts b/src/github.ts
@@ -16,6 +16,7 @@
 
 import crypto from 'crypto';
 import fs from 'fs';
+import he from 'he';
 import jsyaml from 'js-yaml';
 import os from 'os';
 import path from 'path';
@@ -277,7 +278,7 @@ export class GitHub {
     sum.addTable([...summaryTableData]);
     if (summaryError) {
       sum.addHeading('Error', 4);
-      sum.addCodeBlock(summaryError, 'text');
+      sum.addCodeBlock(he.encode(summaryError), 'text');
     }
 
     if (opts.inputs) {

diff --git a/yarn.lock b/yarn.lock
@@ -1112,6 +1112,7 @@ __metadata:
     "@octokit/plugin-rest-endpoint-methods": ^10.4.0
     "@types/csv-parse": ^1.2.2
     "@types/gunzip-maybe": ^1.4.2
+    "@types/he": ^1.2.3
     "@types/js-yaml": ^4.0.9
     "@types/node": ^20.12.10
     "@types/semver": ^7.5.8
@@ -1129,6 +1130,7 @@ __metadata:
     eslint-plugin-prettier: ^5.1.3
     gunzip-maybe: ^1.4.2
     handlebars: ^4.7.8
+    he: ^1.2.0
     jest: ^29.7.0
     js-yaml: ^4.1.0
     jwt-decode: ^4.0.0
@@ -2175,6 +2177,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/he@npm:^1.2.3":
+  version: 1.2.3
+  resolution: "@types/he@npm:1.2.3"
+  checksum: e77851c73dd7b9902d92fe0118a26246a7f3676a3a1c6eb1408305187ef73b57c22550b1435946b983267f961d935554d5d0e1b458416932552f31e763e1aa41
+  languageName: node
+  linkType: hard
+
 "@types/istanbul-lib-coverage@npm:*, @types/istanbul-lib-coverage@npm:^2.0.0, @types/istanbul-lib-coverage@npm:^2.0.1":
   version: 2.0.3
   resolution: "@types/istanbul-lib-coverage@npm:2.0.3"
@@ -4923,6 +4932,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"he@npm:^1.2.0":
+  version: 1.2.0
+  resolution: "he@npm:1.2.0"
+  bin:
+    he: bin/he
+  checksum: 3d4d6babccccd79c5c5a3f929a68af33360d6445587d628087f39a965079d84f18ce9c3d3f917ee1e3978916fc833bb8b29377c3b403f919426f91bc6965e7a7
+  languageName: node
+  linkType: hard
+
 "html-escaper@npm:^2.0.0":
   version: 2.0.2
   resolution: "html-escaper@npm:2.0.2"