]> git.scottworley.com Git - tablify/blobdiff - src/lib.rs
projects / tablify / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Escape HTML characters properly
[tablify] / src / lib.rs
diff --git a/src/lib.rs b/src/lib.rs
index e636bb23a1596b3cdecfaad5228ff3323f6de5a1..370eb5ddd553a80f2cb4ce75c24703bf285e7b91 100644 (file)
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -38,6 +38,43 @@ const FOOTER: &str = "    </tbody>
 </body>
 </html>";
 
 </body>
 </html>";
 
+#[derive(PartialEq, Eq, Debug)]
+pub struct HTML(String);
+impl HTML {
+    fn escape(value: &str) -> HTML {
+        let mut escaped: String = String::new();
+        for c in value.chars() {
+            match c {
+                '>' => escaped.push_str("&gt;"),
+                '<' => escaped.push_str("&lt;"),
+                '\'' => escaped.push_str("&#39;"),
+                '"' => escaped.push_str("&quot;"),
+                '&' => escaped.push_str("&amp;"),
+                ok_c => escaped.push(ok_c),
+            }
+        }
+        HTML(escaped)
+    }
+}
+impl From<&str> for HTML {
+    fn from(value: &str) -> HTML {
+        HTML(String::from(value))
+    }
+}
+impl FromIterator<HTML> for HTML {
+    fn from_iter<T>(iter: T) -> HTML
+    where
+        T: IntoIterator<Item = HTML>,
+    {
+        HTML(iter.into_iter().map(|html| html.0).collect::<String>())
+    }
+}
+impl std::fmt::Display for HTML {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}", self.0)
+    }
+}
+
 #[derive(Debug, PartialEq, Eq, Hash)]
 struct Entry {
     col: String,
 #[derive(Debug, PartialEq, Eq, Hash)]
 struct Entry {
     col: String,
@@ -148,54 +185,62 @@ fn column_order(rows: &[RowInput]) -> Vec<String> {
         .collect()
 }
 
         .collect()
 }
 
-fn render_instance(entry: &Entry) -> String {
+fn render_instance(entry: &Entry) -> HTML {
     match &entry.instance {
     match &entry.instance {
-        None => String::from("✓"),
-        Some(instance) => String::from(instance),
+        None => HTML::from("✓"),
+        Some(instance) => HTML::escape(instance.as_ref()),
     }
 }
 
     }
 }
 
-fn render_cell(col: &str, row: &RowInput) -> String {
-    // TODO: Escape HTML special characters
-    let row_label = &row.label;
+fn render_cell(col: &str, row: &RowInput) -> HTML {
+    let row_label = HTML::escape(row.label.as_ref());
+    let col_label = HTML::escape(col);
     let entries: Vec<&Entry> = row.entries.iter().filter(|e| e.col == col).collect();
     let entries: Vec<&Entry> = row.entries.iter().filter(|e| e.col == col).collect();
-    let class = if entries.is_empty() { "" } else { "yes" };
+    let class = HTML::from(if entries.is_empty() { "" } else { "yes" });
     let all_empty = entries.iter().all(|e| e.instance.is_none());
     let contents = if entries.is_empty() || (all_empty && entries.len() == 1) {
     let all_empty = entries.iter().all(|e| e.instance.is_none());
     let contents = if entries.is_empty() || (all_empty && entries.len() == 1) {
-        String::new()
+        HTML::from("")
     } else if all_empty {
     } else if all_empty {
-        format!("{}", entries.len())
+        HTML(format!("{}", entries.len()))
     } else {
     } else {
-        entries
-            .iter()
-            .map(|i| render_instance(i))
-            .collect::<Vec<_>>()
-            .join(" ")
+        HTML(
+            entries
+                .iter()
+                .map(|i| render_instance(i))
+                .map(|html| html.0) // Waiting for slice_concat_trait to stabilize
+                .collect::<Vec<_>>()
+                .join(" "),
+        )
     };
     };
-    format!("<td class=\"{class}\" onmouseover=\"h2('{row_label}','{col}')\" onmouseout=\"ch2('{row_label}','{col}')\">{contents}</td>")
+    HTML(format!("<td class=\"{class}\" onmouseover=\"h2('{row_label}','{col_label}')\" onmouseout=\"ch2('{row_label}','{col_label}')\">{contents}</td>"))
 }
 
 }
 
-fn render_row(columns: &[String], row: &RowInput) -> String {
+fn render_row(columns: &[String], row: &RowInput) -> HTML {
     // This is O(n^2) & doesn't need to be
     // This is O(n^2) & doesn't need to be
-    // TODO: Escape HTML special characters
-    let row_label = &row.label;
-    format!(
+    let row_label = HTML::escape(row.label.as_ref());
+    HTML(format!(
         "<tr><th id=\"{row_label}\">{row_label}</th>{}</tr>\n",
         &columns
             .iter()
             .map(|col| render_cell(col, row))
         "<tr><th id=\"{row_label}\">{row_label}</th>{}</tr>\n",
         &columns
             .iter()
             .map(|col| render_cell(col, row))
-            .collect::<String>()
-    )
+            .collect::<HTML>()
+    ))
 }
 
 }
 
-fn render_column_headers(columns: &[String]) -> String {
-    // TODO: Escape HTML special characters
-    String::from("<tr class=\"key\"><th></th>")
-        + &columns.iter().fold(String::new(), |mut acc, c| {
-            write!(&mut acc, "<th id=\"{c}\"><div><div>{c}</div></div></th>").unwrap();
-            acc
-        })
-        + "</tr>\n"
+fn render_column_headers(columns: &[String]) -> HTML {
+    HTML(
+        String::from("<tr class=\"key\"><th></th>")
+            + &columns.iter().fold(String::new(), |mut acc, col| {
+                let col_header = HTML::escape(col.as_ref());
+                write!(
+                    &mut acc,
+                    "<th id=\"{col_header}\"><div><div>{col_header}</div></div></th>"
+                )
+                .unwrap();
+                acc
+            })
+            + "</tr>\n",
+    )
 }
 
 /// # Errors
 }
 
 /// # Errors
@@ -204,16 +249,16 @@ fn render_column_headers(columns: &[String]) -> String {
 ///   * there's an i/o error while reading `input`
 ///   * the log has invalid syntax:
 ///     * an indented line with no preceding non-indented line
 ///   * there's an i/o error while reading `input`
 ///   * the log has invalid syntax:
 ///     * an indented line with no preceding non-indented line
-pub fn tablify(input: impl std::io::Read) -> Result<String, std::io::Error> {
+pub fn tablify(input: impl std::io::Read) -> Result<HTML, std::io::Error> {
     let rows = read_rows(input).collect::<Result<Vec<_>, _>>()?;
     let columns = column_order(&rows);
     let rows = read_rows(input).collect::<Result<Vec<_>, _>>()?;
     let columns = column_order(&rows);
-    Ok(String::from(HEADER)
-        + &render_column_headers(&columns)
-        + &rows
-            .into_iter()
+    Ok(HTML(format!(
+        "{HEADER}{}{}{FOOTER}",
+        render_column_headers(&columns),
+        rows.into_iter()
             .map(|r| render_row(&columns, &r))
             .map(|r| render_row(&columns, &r))
-            .collect::<String>()
-        + FOOTER)
+            .collect::<HTML>()
+    )))
 }
 
 #[cfg(test)]
 }
 
 #[cfg(test)]
@@ -385,7 +430,7 @@ mod tests {
                     entries: vec![]
                 }
             ),
                     entries: vec![]
                 }
             ),
-            String::from("<td class=\"\" onmouseover=\"h2('nope','foo')\" onmouseout=\"ch2('nope','foo')\"></td>")
+            HTML::from("<td class=\"\" onmouseover=\"h2('nope','foo')\" onmouseout=\"ch2('nope','foo')\"></td>")
         );
         assert_eq!(
             render_cell(
         );
         assert_eq!(
             render_cell(
@@ -395,7 +440,7 @@ mod tests {
                     entries: vec![Entry::from("bar")]
                 }
             ),
                     entries: vec![Entry::from("bar")]
                 }
             ),
-            String::from("<td class=\"\" onmouseover=\"h2('nope','foo')\" onmouseout=\"ch2('nope','foo')\"></td>")
+            HTML::from("<td class=\"\" onmouseover=\"h2('nope','foo')\" onmouseout=\"ch2('nope','foo')\"></td>")
         );
         assert_eq!(
             render_cell(
         );
         assert_eq!(
             render_cell(
@@ -405,7 +450,7 @@ mod tests {
                     entries: vec![Entry::from("foo")]
                 }
             ),
                     entries: vec![Entry::from("foo")]
                 }
             ),
-            String::from("<td class=\"yes\" onmouseover=\"h2('nope','foo')\" onmouseout=\"ch2('nope','foo')\"></td>")
+            HTML::from("<td class=\"yes\" onmouseover=\"h2('nope','foo')\" onmouseout=\"ch2('nope','foo')\"></td>")
         );
         assert_eq!(
             render_cell(
         );
         assert_eq!(
             render_cell(
@@ -415,7 +460,7 @@ mod tests {
                     entries: vec![Entry::from("foo"), Entry::from("foo")]
                 }
             ),
                     entries: vec![Entry::from("foo"), Entry::from("foo")]
                 }
             ),
-            String::from("<td class=\"yes\" onmouseover=\"h2('nope','foo')\" onmouseout=\"ch2('nope','foo')\">2</td>")
+            HTML::from("<td class=\"yes\" onmouseover=\"h2('nope','foo')\" onmouseout=\"ch2('nope','foo')\">2</td>")
         );
         assert_eq!(
             render_cell(
         );
         assert_eq!(
             render_cell(
@@ -425,7 +470,7 @@ mod tests {
                     entries: vec![Entry::from("foo: 5"), Entry::from("foo: 10")]
                 }
             ),
                     entries: vec![Entry::from("foo: 5"), Entry::from("foo: 10")]
                 }
             ),
-            String::from("<td class=\"yes\" onmouseover=\"h2('nope','foo')\" onmouseout=\"ch2('nope','foo')\">5 10</td>")
+            HTML::from("<td class=\"yes\" onmouseover=\"h2('nope','foo')\" onmouseout=\"ch2('nope','foo')\">5 10</td>")
         );
         assert_eq!(
             render_cell(
         );
         assert_eq!(
             render_cell(
@@ -435,7 +480,27 @@ mod tests {
                     entries: vec![Entry::from("foo: 5"), Entry::from("foo")]
                 }
             ),
                     entries: vec![Entry::from("foo: 5"), Entry::from("foo")]
                 }
             ),
-            String::from("<td class=\"yes\" onmouseover=\"h2('nope','foo')\" onmouseout=\"ch2('nope','foo')\">5 ✓</td>")
+            HTML::from("<td class=\"yes\" onmouseover=\"h2('nope','foo')\" onmouseout=\"ch2('nope','foo')\">5 ✓</td>")
+        );
+        assert_eq!(
+            render_cell(
+                "heart",
+                &RowInput {
+                    label: String::from("nope"),
+                    entries: vec![Entry::from("heart: <3")]
+                }
+            ),
+            HTML::from("<td class=\"yes\" onmouseover=\"h2('nope','heart')\" onmouseout=\"ch2('nope','heart')\">&lt;3</td>")
+        );
+        assert_eq!(
+            render_cell(
+                "foo",
+                &RowInput {
+                    label: String::from("bob's"),
+                    entries: vec![Entry::from("foo")]
+                }
+            ),
+            HTML::from("<td class=\"yes\" onmouseover=\"h2('bob&#39;s','foo')\" onmouseout=\"ch2('bob&#39;s','foo')\"></td>")
         );
     }
 }
         );
     }
 }
Summarize a text log as an HTML table