
Escape HTML in parameter default values #2288


Merged
merged 1 commit into from
Aug 11, 2020
35 changes: 23 additions & 12 deletions lib/src/render/parameter_renderer.dart
@@ -2,9 +2,12 @@
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.

import 'dart:convert';

import 'package:analyzer/dart/element/type.dart';
import 'package:dartdoc/src/element_type.dart';
import 'package:dartdoc/src/model/parameter.dart';
import 'package:meta/meta.dart' as meta;

/// Render HTML in an extended vertical format using <ol> tag.
class ParameterRendererHtmlList extends ParameterRendererHtml {
@@ -27,8 +30,12 @@ class ParameterRendererHtml extends ParameterRenderer {
@override
String covariant(String covariant) => '<span>$covariant</span>';
@override
String defaultValue(String defaultValue) =>
'<span class="default-value">$defaultValue</span>';
String defaultValue(String defaultValue) {
var escaped =
const HtmlEscape(HtmlEscapeMode.unknown).convert(defaultValue);
return '<span class="default-value">$escaped</span>';
}

@override
String parameter(String parameter, String htmlId) =>
'<span class="parameter" id="${htmlId}">$parameter</span>';
@@ -93,34 +100,38 @@ abstract class ParameterRenderer {
var positional = '', optional = '', named = '';
if (positionalParams.isNotEmpty) {
positional = _linkedParameterSublist(positionalParams,
optionalPositionalParams.isNotEmpty || namedParams.isNotEmpty,
showMetadata: showMetadata, showNames: showNames);
trailingComma:
optionalPositionalParams.isNotEmpty || namedParams.isNotEmpty,
showMetadata: showMetadata,
showNames: showNames);
}
if (optionalPositionalParams.isNotEmpty) {
optional = _linkedParameterSublist(
optionalPositionalParams, namedParams.isNotEmpty,
optional = _linkedParameterSublist(optionalPositionalParams,
trailingComma: namedParams.isNotEmpty,
openBracket: '[',
closeBracket: ']',
showMetadata: showMetadata,
showNames: showNames);
}
if (namedParams.isNotEmpty) {
named = _linkedParameterSublist(namedParams, false,
named = _linkedParameterSublist(namedParams,
trailingComma: false,
openBracket: '{',
closeBracket: '}',
showMetadata: showMetadata,
showNames: showNames);
}
return (orderedList(positional + optional + named));
return orderedList(positional + optional + named);
}

String _linkedParameterSublist(List<Parameter> parameters, bool trailingComma,
{String openBracket = '',
String _linkedParameterSublist(List<Parameter> parameters,
{@meta.required bool trailingComma,
String openBracket = '',
String closeBracket = '',
showMetadata = true,
showNames = true}) {
var builder = StringBuffer();
parameters.forEach((p) {
for (var p in parameters) {
var prefix = '';
var suffix = '';
if (identical(p, parameters.first)) {
@@ -136,7 +147,7 @@ abstract class ParameterRenderer {
_renderParam(p, showMetadata: showMetadata, showNames: showNames);
builder.write(
listItem(parameter(prefix + renderedParam + suffix, p.htmlId)));
});
}
return builder.toString();
}

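Review bot: `parameter()`, on the context lines right after the new `defaultValue`, still interpolates `htmlId` into `id="${htmlId}"` without escaping, so the attribute sink in this class stays raw while the text sink is fixed. Where `htmlId` is built is not visible here; if it can ever carry anything other than identifier characters, it should go through the same converter, e.g. `id="${htmlEscape.convert(htmlId)}"` (the `htmlEscape` constant in `dart:convert` defaults to the same `HtmlEscapeMode.unknown`). A doc comment on `defaultValue` would also help, along the lines of `/// Wraps [defaultValue], given as raw source text, in a span after HTML-escaping it; callers must not pre-escape.`, so a later caller does not double-escape. The class body continues outside the hunk.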
11 changes: 11 additions & 0 deletions test/model_test.dart
@@ -2273,6 +2273,17 @@ void main() {
expect(topLevelFunction.documentation, contains("['hello from dart']"));
});

test('escapes HTML in default values', () {
var topLevelFunction2 = fakeLibrary.functions
.firstWhere((f) => f.name == 'topLevelFunction2');

expect(
topLevelFunction2.linkedParamsLines,
contains('<span class="parameter-name">p3</span> = '
'<span class="default-value">const &lt;String, int&gt;{}</span>'
']</span>'));
});

test('has source code', () {
expect(topLevelFunction.sourceCode, startsWith('@deprecated'));
expect(topLevelFunction.sourceCode, endsWith('''
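Review bot: The new test pins only `<` and `>`, but the converter chosen in `defaultValue` also rewrites `&`, `"`, `'` and `/`, and string-literal defaults are where those characters appear. A second fixture parameter with a string default containing a quote and an ampersand, asserted against its escaped form in `linkedParamsLines`, would catch a later switch to a narrower `HtmlEscapeMode`. The enclosing `main()` and its group start outside this hunk.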
3 changes: 3 additions & 0 deletions testing/test_package/lib/fake.dart
@@ -737,6 +737,9 @@ String topLevelFunction(int param1, bool param2, Cool coolBeans,
return null;
}

void topLevelFunction2(int p1, bool p2,
[Map<String, int> p3 = const <String, int>{}]) {}

/// A single optional positional param, no type annotation, no default value.
@greatAnnotation
void onlyPositionalWithNoDefaultNoType([@greatestAnnotation anything]) {}