From c646c2686e23a9a109ffa410c1256b3c96734605 Mon Sep 17 00:00:00 2001 From: Qeole Date: Tue, 23 Feb 2021 21:51:26 +0000 Subject: [PATCH] White space replacement: Escape '<>&' before setting innerHTML, v2.1.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Setting the innerHTML attribute of the node is necessary when we replace the white spaces by alternative characters, because we need the spans to be interpreted to set “comment”-style (font color) for those characters. But if we omit to escape HTML special characters, they get interpreted in the process! Let's escape them before replacing the white spaces. Increment version to v2.1.1, for releasing the fix Fixes: #99 Reported-by: @iiey --- manifest.json | 2 +- scripts/transformations.js | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index da5c62e..7bce06e 100644 --- a/manifest.json +++ b/manifest.json @@ -7,7 +7,7 @@ } }, "name": "Colored Diffs", - "version": "2.1.0", + "version": "2.1.1", "description": "Color diffs in messages formatted by Git or other version control systems", "author": "Vadim Atlygin", "homepage_url": "https://github.com/Qeole/colorediffs", diff --git a/scripts/transformations.js b/scripts/transformations.js index 6d9c469..bf2b412 100644 --- a/scripts/transformations.js +++ b/scripts/transformations.js @@ -31,6 +31,9 @@ function replaceSpaces(root, tabsize) { }; function doReplace(node) { + node.textContent = node.textContent.replace(/&/g,'&') + .replace(//g, '>'); node.innerHTML = node.textContent.replace(/( +|\t+)/g, replacer); };