Doc: escape string array literal as HTML to prevent XSS
makenowjust authored and ysbaddaden committed Nov 8, 2017
1 parent ebf6006 commit 060f404
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/compiler/crystal/tools/doc/highlighter.cr
Expand Up @@ -119,7 +119,7 @@ module Crystal::Doc::Highlighter
case token.type
when :STRING
io << " " unless first
io << token.value
HTML.escape(token.raw, io)
first = false
when :STRING_ARRAY_END
io << ")"
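Review bot: the replacement line in the `when :STRING` branch changes two things at once. It escapes the output, and it also switches the source from `token.value` to `token.raw`, while the commit message only mentions escaping. If the switch to `token.raw` is intentional, so that the highlighted docs show the literal as written in the source, say so in the commit message. Otherwise keep the original source and use `HTML.escape(token.value, io)`. The commit touches only highlighter.cr, so a spec that runs a string array literal containing `<` and `&` through the highlighter and asserts the escaped output would guard against a regression. The other `when` branches that write token text to `io` deserve the same check for unescaped output.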