From 45c870dd2081326c9376475c0739bbf66fe5b65d Mon Sep 17 00:00:00 2001 From: Jan Krems Date: Mon, 11 Sep 2017 12:11:55 -0700 Subject: [PATCH] Use safer XML escaping --- lib/utils.js | 2 +- test/reporters/doc.spec.js | 12 ++++++------ test/unit/utils.spec.js | 12 ++++++------ 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/lib/utils.js b/lib/utils.js index 43e28bc4c6..c40c97cd75 100644 --- a/lib/utils.js +++ b/lib/utils.js @@ -36,7 +36,7 @@ exports.inherits = require('util').inherits; * @return {string} */ exports.escape = function (html) { - return he.encode(String(html), { useNamedReferences: true }); + return he.encode(String(html), { useNamedReferences: false }); }; /** diff --git a/test/reporters/doc.spec.js b/test/reporters/doc.spec.js index 2e0d1e029e..060c61c18e 100644 --- a/test/reporters/doc.spec.js +++ b/test/reporters/doc.spec.js @@ -43,7 +43,7 @@ describe('Doc reporter', function () { root: false, title: unescapedTitle }; - expectedTitle = '<div>' + expectedTitle + '</div>'; + expectedTitle = '<div>' + expectedTitle + '</div>'; runner.on = function (event, callback) { if (event === 'suite') { callback(suite); @@ -142,8 +142,8 @@ describe('Doc reporter', function () { test.title = unescapedTitle; test.body = unescapedBody; - var expectedEscapedTitle = '<div>' + expectedTitle + '</div>'; - var expectedEscapedBody = '<div>' + expectedBody + '</div>'; + var expectedEscapedTitle = '<div>' + expectedTitle + '</div>'; + var expectedEscapedBody = '<div>' + expectedBody + '</div>'; runner.on = function (event, callback) { if (event === 'pass') { callback(test); 
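Review bot: In lib/utils.js the changed `he.encode` call now relies on `useNamedReferences: false` for a reason the code never states, and the JSDoc above it (which starts outside the hunk) documents only the return type in the visible lines. Judging by the commit title, the escaped text is also embedded in XML, where only the five predefined entity names are defined and any other named reference makes the document ill-formed. Without a note, a later cleanup could flip the option back and silently reintroduce that. I would add a comment above the return, such as `// Numeric references only: output is also embedded in XML, where named entities other than lt, gt, amp, quot and apos are undefined.`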
@@ -192,9 +192,9 @@ describe('Doc reporter', function () { test.title = unescapedTitle; test.body = unescapedBody; - var expectedEscapedTitle = '<div>' + expectedTitle + '</div>'; - var expectedEscapedBody = '<div>' + expectedBody + '</div>'; - var expectedEscapedError = '<div>' + expectedError + '</div>'; + var expectedEscapedTitle = '<div>' + expectedTitle + '</div>'; + var expectedEscapedBody = '<div>' + expectedBody + '</div>'; + var expectedEscapedError = '<div>' + expectedError + '</div>'; runner.on = function (event, callback) { if (event === 'fail') { callback(test, unescapedError); diff --git a/test/unit/utils.spec.js b/test/unit/utils.spec.js index 078d05e5ff..4ef87c60ee 100644 --- a/test/unit/utils.spec.js +++ b/test/unit/utils.spec.js @@ -627,13 +627,13 @@ describe('lib/utils', function () { describe('escape', function () { it('replaces the usual xml suspects', function () { - expect(utils.escape('a>bc>d>')).to.be('>a>bc>d>'); - expect(utils.escape('"a"bc"d"')).to.be('"a"bc"d"'); - expect(utils.escape('<>"&')).to.be('<>"&'); + expect(utils.escape('a>bc>d>')).to.be('>a>bc>d>'); + expect(utils.escape('"a"bc"d"')).to.be('"a"bc"d"'); + expect(utils.escape('<>"&')).to.be('<>"&'); - expect(utils.escape('&a&bc&d&')).to.be('&a&bc&d&'); - expect(utils.escape('&<')).to.be('&amp;&lt;'); + expect(utils.escape('&a&bc&d&')).to.be('&a&bc&d&'); + expect(utils.escape('&<')).to.be('&amp;&lt;'); }); it('replaces invalid xml characters', function () {
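Review bot: The updated assertions in `replaces the usual xml suspects` (test/unit/utils.spec.js) only pass `<`, `>`, `"` and `&` through `utils.escape`. All four have entity names that XML predefines, so these cases would not catch the failure the option change appears to guard against. Unless the following `replaces invalid xml characters` test, whose body lies outside the hunk, already covers it, add one input whose named reference exists only in HTML, for example `expect(utils.escape('\u00a0')).to.be('&#xA0;');` (a constructed sample; confirm the exact form `he` emits). The single quote is also absent from the covered characters, and it matters wherever the escaped value ends up inside a single-quoted attribute.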