Commit a483d10

Fixed escaping HTML entities in HTML formatter

Fixes #83

Signed-off-by: Michal Čihař <michal@cihar.com>

1 parent 00eb348 commit a483d10

2 files changed: +4 -2 lines changed

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
@@ -3,6 +3,7 @@
33
## [Unreleased]
44

55
* Fix parsing of DEFINER without backquotes
6+
* Fixed escaping HTML entities in HTML formatter
67

78
## [3.4.6] - 2016-09-13
89
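
Review bot: The added CHANGELOG entry is in the past tense ("Fixed escaping ...") while the entry directly above it is imperative ("Fix parsing of DEFINER ..."). Suggest "Fix escaping of HTML entities in HTML formatter" for consistency, and consider citing #83 in the entry, since an output-encoding fix is the kind of change users look for when deciding whether to upgrade.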

src/Utils/Formatter.php

Lines changed: 3 additions & 2 deletions
@@ -453,7 +453,7 @@ public function toString($token)
453453

454454
// Formatting HTML.
455455
if ($this->options['type'] === 'html') {
456-
return '<span ' . $format['html'] . '>' . $text . '</span>';
456+
return '<span ' . $format['html'] . '>' . htmlspecialchars($text, ENT_NOQUOTES) . '</span>';
457457
} elseif ($this->options['type'] === 'cli') {
458458
return $format['cli'] . $text;
459459
}
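
Review bot: In the `html` branch, `htmlspecialchars($text, ENT_NOQUOTES)` is called without `ENT_SUBSTITUTE` and without an explicit encoding. htmlspecialchars() returns an empty string when the input is not valid in the assumed charset, so a token containing an invalid byte sequence would silently vanish from the formatted query. Suggest `ENT_NOQUOTES | ENT_SUBSTITUTE` plus an explicit charset argument matching what the lexer assumes. `ENT_NOQUOTES` is sufficient for `$text` here because it lands in element content, but `$format['html']` is still concatenated unescaped inside the `<span` tag, so it should be documented as trusted, developer-supplied markup. The commit touches only CHANGELOG.md and Formatter.php; a regression test with `<`, `>` and `&` in a token would pin the behaviour down.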
@@ -464,8 +464,9 @@ public function toString($token)
464464

465465
if ($this->options['type'] === 'cli') {
466466
return "\x1b[39m" . $text;
467+
} elseif ($this->options['type'] === 'html') {
468+
return htmlspecialchars($text, ENT_NOQUOTES);
467469
}
468-
return $text;
469470
}
470471

471472
/**
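
Review bot: The `-` line at old line 468 removes the trailing `return $text;`, and no replacement return is visible after the new `elseif`, so for any `type` other than `cli` or `html` the method would fall off the end and return null instead of the token text. If the removal is unintended, keep the fall-through `return $text;` after the closing brace of the if/elseif. Separately, `htmlspecialchars($text, ENT_NOQUOTES)` now appears twice in toString(); a small private helper would keep the two HTML paths from drifting apart if the flags change later.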
