From b52376bb767c6421ca2b95caaa65d9d8dd9fe113 Mon Sep 17 00:00:00 2001 From: Bastian Doetsch Date: Fri, 24 Nov 2023 15:31:19 +0100 Subject: [PATCH] fix: do not interprete tags in displayed code snippets (#400) --- package-lock.json | 30 +++++++++++++------ package.json | 2 ++ .../codeSuggestionWebviewProvider.ts | 9 ++++++ 3 files changed, 32 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index a4fb2f853..6d6f52a0c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -22,6 +22,7 @@ "analytics-node": "^4.0.1", "axios": "^0.27.2", "glob": "^7.2.0", + "he": "^1.2.0", "htmlparser2": "^7.2.0", "http-proxy-agent": "^5.0.0", "https-proxy-agent": "^5.0.0", @@ -41,6 +42,7 @@ "@types/babel__traverse": "^7.12.2", "@types/find-package-json": "^1.2.2", "@types/glob": "^7.1.3", + "@types/he": "^1.2.3", "@types/lodash": "^4.14.161", "@types/marked": "^3.0.0", "@types/mocha": "^8.0.3", @@ -1673,6 +1675,12 @@ "@types/node": "*" } }, + "node_modules/@types/he": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/@types/he/-/he-1.2.3.tgz", + "integrity": "sha512-q67/qwlxblDzEDvzHhVkwc1gzVWxaNxeyHUBF4xElrvjL11O+Ytze+1fGpBHlr/H9myiBUaUXNnNPmBHxxfAcA==", + "dev": true + }, "node_modules/@types/inquirer": { "version": "8.2.5", "resolved": "https://registry.npmjs.org/@types/inquirer/-/inquirer-8.2.5.tgz", @@ -4739,7 +4747,6 @@ "version": "1.2.0", "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", - "dev": true, "bin": { "he": "bin/he" } 
@@ -6958,9 +6965,9 @@ } }, "node_modules/punycode": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", - "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==", + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", "dev": true, "engines": { "node": ">=6" @@ -9781,6 +9788,12 @@ "@types/node": "*" } }, + "@types/he": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/@types/he/-/he-1.2.3.tgz", + "integrity": "sha512-q67/qwlxblDzEDvzHhVkwc1gzVWxaNxeyHUBF4xElrvjL11O+Ytze+1fGpBHlr/H9myiBUaUXNnNPmBHxxfAcA==", + "dev": true + }, "@types/inquirer": { "version": "8.2.5", "resolved": "https://registry.npmjs.org/@types/inquirer/-/inquirer-8.2.5.tgz", @@ -12063,8 +12076,7 @@ "he": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", - "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", - "dev": true + "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==" }, "htmlparser2": { "version": "7.2.0", @@ -13736,9 +13748,9 @@ } }, "punycode": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", - "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==", + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", "dev": true }, "qs": { diff --git a/package.json b/package.json index fb321914a..29f70e09e 100644 --- a/package.json +++ b/package.json 
@@ -399,6 +399,7 @@
 "@types/babel__traverse": "^7.12.2",
 "@types/find-package-json": "^1.2.2",
 "@types/glob": "^7.1.3",
+ "@types/he": "^1.2.3",
 "@types/lodash": "^4.14.161",
 "@types/marked": "^3.0.0",
 "@types/mocha": "^8.0.3",
@@ -441,6 +442,7 @@
 "analytics-node": "^4.0.1",
 "axios": "^0.27.2",
 "glob": "^7.2.0",
+ "he": "^1.2.0",
 "htmlparser2": "^7.2.0",
 "http-proxy-agent": "^5.0.0",
 "https-proxy-agent": "^5.0.0",
diff --git a/src/snyk/snykCode/views/suggestion/codeSuggestionWebviewProvider.ts b/src/snyk/snykCode/views/suggestion/codeSuggestionWebviewProvider.ts
index f12f5b37a..616ef14f0 100644
--- a/src/snyk/snykCode/views/suggestion/codeSuggestionWebviewProvider.ts
+++ b/src/snyk/snykCode/views/suggestion/codeSuggestionWebviewProvider.ts
@@ -1,3 +1,4 @@
+import he from 'he';
 import _ from 'lodash';
 import * as vscode from 'vscode';
 import {
@@ -111,6 +112,14 @@ export class CodeSuggestionWebviewProvider
 );
 this.registerListeners();
 }
+
+ issue.additionalData.exampleCommitFixes.map(ecf => {
+ return ecf.lines.map(l => {
+ l.line = he.encode(l.line);
+ return l;
+ });
+ });
+
 this.panel.webview.html = this.getHtmlForWebview(this.panel.webview);
 this.panel.iconPath = vscode.Uri.joinPath(
 vscode.Uri.file(this.context.extensionPath),
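Review bot: The added loop in the `@@ -111,6 +112,14 @@` hunk rewrites `l.line` in place on the `issue` object that was passed in, so if the same issue is shown a second time the already-encoded text is encoded again (`he.encode` also escapes `&`) and the snippet would display literal character references; `.map` is also used here only for its side effects. Encoding a copy keeps the step idempotent, e.g. `const lines = ecf.lines.map(l => ({ ...l, line: he.encode(l.line) }));`, with that copy handed to the webview instead of the mutated issue. Only `exampleCommitFixes[].lines[].line` is encoded here; whether other issue fields reach the webview as HTML is not visible in this hunk and is worth checking, ideally by escaping at the point where the webview inserts the text. The enclosing method starts and ends outside the hunk.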