From 5c534f7ffb7b4c3b42ebb9162a8a4c3deb68299d Mon Sep 17 00:00:00 2001
From: Deeka Wong
Date: Mon, 23 Dec 2024 20:11:07 +0800
Subject: [PATCH] Prevent HTML injection (#812)
* Prevent HTML injection
* Update cnb.yaml
---------
Co-authored-by: Deeka Wong <8337659+huangdijia@users.noreply.github.com>
---
 .github/workflows/cnb.yaml | 5 -----
 src/web-tinker/src/Tinker.php | 2 +-
 2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/.github/workflows/cnb.yaml b/.github/workflows/cnb.yaml
index 458142950..dfdc4026c 100644
--- a/.github/workflows/cnb.yaml
+++ b/.github/workflows/cnb.yaml
@@ -13,10 +13,5 @@ jobs:
 SOURCE_REPO: 'https://github.com/friendsofhyperf/components.git'
 DESTINATION_REPO: 'https://cnb:${{ secrets.CNB_TOKEN }}@cnb.cool/friendsofhyperf/components.git'
 run: |
- # git clone --mirror "$SOURCE_REPO" && cd `basename "$SOURCE_REPO"`
- # git remote set-url --push origin "$DESTINATION_REPO"
- # git fetch -p origin
- # git for-each-ref --format 'delete %(refname)' refs/pull | git update-ref --stdin
- # git push --mirror
 git clone --mirror "$SOURCE_REPO" && cd `basename "$SOURCE_REPO"`
 git push -f --prune "$DESTINATION_REPO" "refs/heads/*:refs/heads/*" "refs/tags/*:refs/tags/*"
\ No newline at end of file
diff --git a/src/web-tinker/src/Tinker.php b/src/web-tinker/src/Tinker.php
index 070b4406a..8607b7620 100644
--- a/src/web-tinker/src/Tinker.php
+++ b/src/web-tinker/src/Tinker.php
@@ -127,6 +127,6 @@ protected function cleanOutput(string $output): string
 // Remove ANSI color codes
 $output = preg_replace('/\e\[[0-9;]*m/', '', $output);
- return trim($output);
+ return htmlentities($output);
 }
 }
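Review bot: The new `return` line in cleanOutput() drops `trim()` while adding the escaping, so callers now receive the leading and trailing whitespace that used to be stripped; if that is not intended, keep both with `return htmlentities(trim($output));`. The call also relies on the default flags, which before PHP 8.1 were `ENT_COMPAT` (single quotes left unescaped, and invalid UTF-8 producing an empty string), so passing them explicitly, e.g. `htmlspecialchars(trim($output), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, gives the same result on every runtime. `preg_replace()` on the line above returns null on a PCRE error and that null would reach the escaping call; `?? $output` on that line is a cheap fallback. The function body starts outside the hunk and the place where this string is rendered is not visible here, so a short comment such as `// Escaped for HTML text/attribute context only; the consumer must not insert it into script or URL context` would record the assumption.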