JLLeitschuh / ktlint-gradle

A ktlint gradle plugin
MIT License

Html reporting with <> characters are not displayed #360

Closed glureau-betclic closed 3 years ago

glureau-betclic commented 4 years ago

The webpage:

image

The webpage source:

image

I presume escaping is required.

Does it depend on ktlint-gradle or on ktlint directly?

Tapchicoma commented 4 years ago

Could you provide steps to reproduce?

glureau-betclic commented 4 years ago

Here is a simple project: https://github.com/glureau-betclic/issue_ktlint_gradle_360/tree/master

I run ./gradlew ktlintCheck and open the HTML report:

image

Problem is when using emit(1, "Foo List<Int> bar", false), the '<' and '>' are not properly escaped to be displayed on web. Should probably be replaced by &lt; and &gt; (as you can see in the text in parentheses).

JLLeitschuh commented 4 years ago

@Tapchicoma We didn't write the HTML generator, did we? Isn't it a dependency?

Tapchicoma commented 4 years ago

At some point it was merged into ktlint's official reporters.

Tapchicoma commented 4 years ago

@glureau-betclic I will check your project. Generally, ktlint-gradle just tells ktlint what reporter to use and where to write it.

JLLeitschuh commented 4 years ago

This is probably a failure to escape the <, >, and & characters. If this was being used to render untrusted data, it would technically be a security vulnerability.
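
The escaping gap discussed in this thread, shown as an added Kotlin example that is not part of the thread and is not ktlint's or ktlint-gradle's code. `LintFinding`, `escapeHtml`, `renderRowRaw` and `renderRowEscaped` are hypothetical names, and the findings are constructed samples apart from the message quoted in the issue.

```kotlin
// Added illustration; not code from ktlint or ktlint-gradle.
// LintFinding, escapeHtml, renderRowRaw and renderRowEscaped are hypothetical names.

data class LintFinding(val line: Int, val message: String)

// Escape the characters that are significant in HTML text and quoted attributes.
// Everything is handled in one pass, so entities produced here are never re-escaped.
fun escapeHtml(text: String): String = buildString(text.length + 16) {
    for (ch in text) {
        when (ch) {
            '&' -> append("&amp;")
            '<' -> append("&lt;")
            '>' -> append("&gt;")
            '"' -> append("&quot;")
            '\'' -> append("&#39;")
            else -> append(ch)
        }
    }
}

// Behaviour described in the issue: the message is concatenated into markup as-is.
fun renderRowRaw(f: LintFinding): String =
    "<tr><td>${f.line}</td><td>${f.message}</td></tr>"

// Corrected form: the message is escaped at the point where it enters the markup.
fun renderRowEscaped(f: LintFinding): String =
    "<tr><td>${f.line}</td><td>${escapeHtml(f.message)}</td></tr>"

fun main() {
    // Constructed sample findings; the first message is the one quoted in the issue.
    val findings = listOf(
        LintFinding(1, "Foo List<Int> bar"),
        LintFinding(2, "Unexpected spacing around \"&&\""),
        LintFinding(3, "Name comes from scanned input: <h1>injected heading</h1>")
    )
    for (f in findings) {
        println("raw:     " + renderRowRaw(f))
        println("escaped: " + renderRowEscaped(f))
    }
    // In the raw row a browser treats <Int> as an unknown tag and shows "Foo List bar".
    check(
        renderRowEscaped(findings[0]) ==
            "<tr><td>1</td><td>Foo List&lt;Int&gt; bar</td></tr>"
    )
}
```

The third sample shows why the same gap matters for untrusted input: in the raw row the text becomes live markup in the report, while the escaped row displays it literally.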

glureau-betclic commented 4 years ago

Thanks @Tapchicoma, I suppose I can go open an issue for ktlint now 😄

Tapchicoma commented 3 years ago

I opened a new issue in ktlint, please follow it. This plugin does not control what ktlint writes to the report file.