Closed glureau-betclic closed 3 years ago
Could you provide steps how to reproduce?
Here is a simple project: https://github.com/glureau-betclic/issue_ktlint_gradle_360/tree/master
I run ./gradlew ktlintCheck and open the HTML report:
Problem is when using `emit(1, "Foo List<Int> bar", false)`, the '<' and '>' are not properly escaped to be displayed on web. Should probably be replaced by `&lt;` and `&gt;` (as you can see in the text in parenthesis).
@Tapchicoma We didn't write the HTML generator, did we? Isn't it a dependency?
At some point it was merged into ktlint official reporters.
@glureau-betclic I will check your project, generally ktlint-gradle just tells ktlint what reporter to use and where to write it.
This is probably a failure to escape the `<`, `>`, & `&` characters. If this was being used to render untrusted data, it would technically be a security vulnerability.
Thanks @Tapchicoma, I suppose I can go open an issue for ktlint now 😄
I opened a new issue in ktlint, please follow it. This plugin does not control what ktlint writes to report file.
The webpage:
The webpage source:
I presume escaping is required.
Does it depend on ktlint-gradle or ktlint directly?
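The escaping gap discussed in this thread, as an added example that is not ktlint's or ktlint-gradle's code: a lint message interpolated raw into an HTML report next to the same message escaped first. `LintError`, `escapeHtml`, `renderRaw` and `renderEscaped` are hypothetical names, and the `<li>` layout is an assumption about what a report row could look like.

```kotlin
// Added example, not the ktlint HTML reporter. All names here are hypothetical.
data class LintError(val line: Int, val message: String)

// Escape every character that is significant in HTML text or attribute values.
// A single pass over the input avoids double-escaping: the '&' of an emitted
// "&lt;" is never revisited, which chained replace() calls in the wrong order
// would get wrong.
fun String.escapeHtml(): String = buildString(length) {
    for (c in this@escapeHtml) {
        when (c) {
            '&' -> append("&amp;")
            '<' -> append("&lt;")
            '>' -> append("&gt;")
            '"' -> append("&quot;")
            '\'' -> append("&#39;")
            else -> append(c)
        }
    }
}

// Before: the message is written as-is, so the browser parses "<Int>" as a tag
// and the text between the angle brackets disappears from the rendered page.
fun renderRaw(e: LintError): String =
    "<li>(${e.line}) ${e.message}</li>"

// After: the message is treated as text, never as markup.
fun renderEscaped(e: LintError): String =
    "<li>(${e.line}) ${e.message.escapeHtml()}</li>"

fun main() {
    val errors = listOf(
        // Message taken from the emit(...) call in the issue.
        LintError(1, "Foo List<Int> bar"),
        // Constructed sample: ampersands and quotes must survive as text too.
        LintError(2, "Prefer \"a && b\" over a & b in Map<String, List<Int>>"),
    )
    for (e in errors) {
        println("raw:     " + renderRaw(e))
        println("escaped: " + renderEscaped(e))
    }
}
```

The escaping belongs in the code that writes the report file, at the point where a rule's message is placed into markup, so every reporter input gets the same treatment regardless of which rule produced it.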