Merge pull request gitbutlerapp#4698 from gitbutlerapp/sanitize-all-text

sanitize all text
liyingqin · Aug 15, 2024 · 84df885 · 84df885
2 parents 13a2706 + ca5de46
commit 84df885
Showing 1 changed file with 16 additions and 10 deletions.
diff --git a/apps/desktop/src/lib/hunk/HunkDiff.svelte b/apps/desktop/src/lib/hunk/HunkDiff.svelte
@@ -95,13 +95,13 @@
 		});
 	}
 
-	function toTokens(inputLine: string): string[] {
-		function sanitize(text: string) {
-			var element = document.createElement('div');
-			element.innerText = text;
-			return element.innerHTML;
-		}
+	function sanitize(text: string) {
+		const element = document.createElement('div');
+		element.innerText = text;
+		return element.innerHTML;
+	}
 
+	function toTokens(inputLine: string): string[] {
 		let highlighter = create(inputLine, filePath);
 		let tokens: string[] = [];
 		highlighter.highlight((text, classNames) => {
@@ -152,9 +152,13 @@
 					prevSectionRow.tokens.push(...toTokens(text));
 					nextSectionRow.tokens.push(...toTokens(text));
 				} else if (type === Operation.Insert) {
-					nextSectionRow.tokens.push(`<span data-no-drag class="token-inserted">${text}</span>`);
+					nextSectionRow.tokens.push(
+						`<span data-no-drag class="token-inserted">${sanitize(text)}</span>`
+					);
 				} else if (type === Operation.Delete) {
-					prevSectionRow.tokens.push(`<span data-no-drag class="token-deleted">${text}</span>`);
+					prevSectionRow.tokens.push(
+						`<span data-no-drag class="token-deleted">${sanitize(text)}</span>`
+					);
 				}
 			}
 			returnRows.nextRows.push(nextSectionRow);
@@ -192,10 +196,12 @@
 				if (type === Operation.Equal) {
 					sectionRow.tokens.push(...toTokens(text));
 				} else if (type === Operation.Insert) {
-					sectionRow.tokens.push(`<span data-no-drag class="token-inserted">${text}</span>`);
+					sectionRow.tokens.push(
+						`<span data-no-drag class="token-inserted">${sanitize(text)}</span>`
+					);
 				} else if (type === Operation.Delete) {
 					sectionRow.tokens.push(
-						`<span data-no-drag class="token-deleted token-strikethrough">${text}</span>`
+						`<span data-no-drag class="token-deleted token-strikethrough">${sanitize(text)}</span>`
 					);
 				}
 			}