damianszczepanik / cucumber-reporting

HTML reports for Cucumber
GNU Lesser General Public License v2.1

Gherkin syntax is not properly HTML escaped #49

Closed btaz closed 9 years ago

btaz commented 10 years ago

When the Gherkin scenario contains e.g. XML, then it's not properly escaped when displayed on the cucumber-reporting HTML page.

[Screenshot: screen shot 2014-01-09 at 10 00 08 pm]

This unfortunately displays as:

[Screenshot: screen shot 2014-01-09 at 9 58 48 pm]

The problem is that the browser tries to parse the XML tags as HTML. Any of these characters need to be escaped: & < > " /

One option is to use velocity-tools EscapeText for this. http://velocity.apache.org/tools/devel/generic/EscapeTool.html

I created a pull request for this: https://github.com/masterthought/cucumber-reporting/pull/48

vassilevsky commented 10 years ago

Hi :)

We are using version 0.0.23. The > character in feature title breaks the HTML on the main report page.

Feature:

Feature: User Profile > General Information

Main page HTML:

<tr>
    <td style="text-align:left;"><a id="stats-User Profile > General Information" href="profile-general_info_profile.feature.html">
                                                            <--------------------------------------------------------------------->
                                                                  This appears on the page because the tag is already closed

Could you also escape those values?

Thanks a lot! :D

SlyAtBest commented 9 years ago

I've experienced a similar issue when using an Assert.assertEquals() to test a boolean value. The value is returned as either <true> or <false>, which is not shown in the generated report when rendered by a browser. I'm guessing this is because it is being treated as an HTML tag and so this needs to be escaped in order for it to display properly. The page source reveals that the underlying values do exist.

Example:

boolean expectedType = true;
boolean currentType = false;

Assert.assertEquals("Package is not listed as the correct type", expectedType, currentType);

Should produce:

Package is not listed as the correct type expected:<true> but was:<false>

But instead produces:

Package is not listed as the correct type expected: but was:
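The three cases reported above (XML in a scenario, a feature title placed in an `id` attribute, and the `<true>`/`<false>` assertion message) all come down to escaping values before they are written into the report. The following Java sketch is an added example, not cucumber-reporting's own code or its actual fix; `escapeHtml`, `statsRow` and the XML sample are hypothetical and constructed for illustration.

```java
public class ReportEscapeDemo {

    // Escapes the characters listed in the issue (& < > " /) plus the single
    // quote, so the value can be placed in element text or a quoted attribute.
    static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break; // must be handled per character, never re-escaped
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                case '/':  out.append("&#47;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical stand-in for the template row quoted in the thread:
    // the feature name is escaped both in the id attribute and in the link text.
    static String statsRow(String featureName, String href) {
        String name = escapeHtml(featureName);
        return "<tr><td style=\"text-align:left;\"><a id=\"stats-" + name
                + "\" href=\"" + escapeHtml(href) + "\">" + name + "</a></td></tr>";
    }

    public static void main(String[] args) {
        // Constructed XML step text (the original screenshot is not available).
        System.out.println(escapeHtml("<order id=\"1\">A & B</order>"));
        // Feature title from the second comment.
        System.out.println(statsRow("User Profile > General Information",
                "profile-general_info_profile.feature.html"));
        // Assertion message from the third comment.
        System.out.println(escapeHtml(
                "Package is not listed as the correct type expected:<true> but was:<false>"));
    }
}
```

Escaping belongs at the point where a value is written into the markup, so that every field taken from feature files or test output (names, step text, error messages) goes through it exactly once.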

damianszczepanik commented 9 years ago

This issue has already been resolved and released.

msymons commented 9 years ago

In what version was this resolved and released? The release notes only go up to v0.0.21:

https://github.com/masterthought/cucumber-reporting/wiki/Release-Notes

The same is also true for jenkins-cucumber-jvm-reports-plugin-java (where I have developers refusing to upgrade the plugin until I can tell them what has changed).

damianszczepanik commented 9 years ago

New cucumber reporting was released weeks ago. The new version is also available via Jenkins.

msymons commented 9 years ago

I know that the new version was released weeks ago... and that now there is also v0.2.1. What I am seeking is a "release notes" that summarizes what has changed in the release. To repeat what I said, no one in my organization is willing (or allowed) to upgrade unless they know what has changed in the release.

I gave a link in my previous comment but that link now just redirects to the main page of the cucumber-reports. The release notes for cucumber-reporting-jenkins do not yet redirect so you can see what I am talking about:

https://github.com/damianszczepanik/cucumber-reporting-jenkins/wiki/Release-Notes

[Image: cucumber-reporting-jenkins-release-notes]

Note that the notes are not verbose... but they do provide issue IDs.

damianszczepanik commented 9 years ago

That would be nice, if only I had more time for this :( Also, there are many commits that have no impact on end users but refer to code quality, so sometimes it is hard to say whether a particular change should be mentioned in the release notes or not.