From 1bcf41e53f1361a7b09503b6c3a081a3b6907cb6 Mon Sep 17 00:00:00 2001 From: Georg Brandl Date: Tue, 3 May 2016 13:31:12 +0200 Subject: [PATCH] rustdoc: HTML-escape Rust code (from constants) Especially in cases like the one in the test file, this can blow up the docs big time if string constants in the code contain HTML. But also other constants can contain special chars (e.g. `&` as an operator in constant expressions). --- src/librustdoc/html/format.rs | 3 ++- src/librustdoc/html/render.rs | 4 ++-- src/test/rustdoc/escape-rust-expr.rs | 15 +++++++++++++++ 3 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 src/test/rustdoc/escape-rust-expr.rs diff --git a/src/librustdoc/html/format.rs b/src/librustdoc/html/format.rs index d7763197f8a3b..7af5322e7bdf1 100644 --- a/src/librustdoc/html/format.rs +++ b/src/librustdoc/html/format.rs @@ -26,6 +26,7 @@ use rustc::hir; use clean; use core::DocAccessLevels; use html::item_type::ItemType; +use html::escape::Escape; use html::render; use html::render::{cache, CURRENT_LOCATION_KEY}; @@ -496,7 +497,7 @@ impl fmt::Display for clean::Type { primitive_link(f, clean::PrimitiveType::Array, "[")?; write!(f, "{}", t)?; primitive_link(f, clean::PrimitiveType::Array, - &format!("; {}]", *s)) + &format!("; {}]", Escape(s))) } clean::Bottom => f.write_str("!"), clean::RawPointer(m, ref t) => { diff --git a/src/librustdoc/html/render.rs b/src/librustdoc/html/render.rs index 5cdddc76582b3..36da95279fb24 100644 --- a/src/librustdoc/html/render.rs +++ b/src/librustdoc/html/render.rs @@ -1866,7 +1866,7 @@ impl<'a> fmt::Display for Initializer<'a> { let Initializer(s) = *self; if s.is_empty() { return Ok(()); } write!(f, " = ")?; - write!(f, "{}", s) + write!(f, "{}", Escape(s)) } } @@ -2106,7 +2106,7 @@ fn assoc_const(w: &mut fmt::Formatter, write!(w, ": {}", ty)?; if let Some(default) = default { - write!(w, " = {}", default)?; + write!(w, " = {}", Escape(default))?; } Ok(()) } diff --git a/src/test/rustdoc/escape-rust-expr.rs b/src/test/rustdoc/escape-rust-expr.rs new file mode 100644 index 0000000000000..7f9a2bf175a5f --- /dev/null +++ b/src/test/rustdoc/escape-rust-expr.rs @@ -0,0 +1,15 @@ +// Copyright 2016 The Rust Project Developers. See the COPYRIGHT +// file at the top-level directory of this distribution and at +// http://rust-lang.org/COPYRIGHT. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +// Test that we HTML-escape Rust expressions, where HTML special chars +// can occur, and we know it's definitely not markup. + +// @has escape_rust_expr/constant.CONST_S.html '//pre[@class="rust const"]' '"