[1.x] Fixes message and options html output not escaped (#16)

* Fixes message and options html output not escaped * Fixes style
laravel · Nov 7, 2023 · 8e78f27 · 8e78f27
1 parent 5a5e0c9
commit 8e78f27
Show file tree

Hide file tree

Showing 2 changed files with 76 additions and 6 deletions.
diff --git a/src/Printers/CliPrinter.php b/src/Printers/CliPrinter.php
@@ -133,6 +133,8 @@ protected function messageHtml(string $message): string
             return '<span class="text-gray">No message.</span>';
         }
 
+        $message = htmlspecialchars($message);
+
         return "<span>$message</span>";
     }
 
@@ -204,7 +206,8 @@ public function optionsHtml(MessageLogged $messageLogged): string
         return collect($options)->merge(
             $messageLogged->context() // @phpstan-ignore-line
         )->reject(fn (mixed $value, string|int $key) => is_int($key) && is_null($value))
-            ->map(fn (mixed $value) => is_string($value) ? e($value) : var_export($value, true))
+            ->map(fn (mixed $value) => is_string($value) ? $value : var_export($value, true))
+            ->map(fn (string $value) => htmlspecialchars($value))
             ->map(fn (string $value, string|int $key) => is_string($key) ? "$key: $value" : $value)
             ->map(fn (string $value) => "<span class=\"font-bold\">$value</span>")
             ->implode(' • ');

diff --git a/tests/Unit/CliPrinterTest.php b/tests/Unit/CliPrinterTest.php
@@ -114,13 +114,42 @@
     );
 });
 
+test('escaping message', function () {
+    $output = output([
+        'message' => '<div class=3D"gmail-adL" style=3D"box-sizing:border-box">escaping message</div>',
+        'level_name' => 'info',
+        'datetime' => '2021-01-01 00:00:00',
+        'context' => [
+            '__pail' => [
+                'origin' => [
+                    'type' => 'http',
+                    'method' => 'GET',
+                    'path' => '/logs',
+                    'auth_id' => null,
+                    'auth_email' => null,
+                ],
+            ],
+        ],
+    ], true);
+
+    expect($output)->toBe(<<<'EOF'
+    ┌ 2024-01-01 03:04:05 INFO ───────────────────────
+    │ <div class=3D"gmail-adL" style=3D"box-sizing:border-box">escaping message</div>
+    │ 1. app/MyClass.php:12
+    │ 2. app/MyClass.php:34
+    └──────────────────── GET: /logs • Auth ID: guest
+
+    EOF
+    );
+});
+
 test('escaping html options', function () {
     $output = output([
         'message' => 'Context that contains html',
         'level_name' => 'info',
         'datetime' => '2021-01-01 00:00:00',
         'context' => [
-            'html' => '<div class=3D"gmail-adL" style=3D"box-sizing:border-box"></div>',
+            'html' => '<div class=3D"gmail-adL" style=3D"box-sizing:border-box">escaping html options</div>',
             '__pail' => [
                 'origin' => [
                     'type' => 'http',
@@ -131,12 +160,50 @@
                 ],
             ],
         ],
-    ]);
+    ], true);
+
+    expect($output)->toBe(<<<'EOF'
+    ┌ 2024-01-01 03:04:05 INFO ───────────────────────
+    │ Context that contains html
+    │ 1. app/MyClass.php:12
+    │ 2. app/MyClass.php:34
+    └ GET: /logs • Auth ID: guest • html: <div class=3D"gmail-adL" style=3D"box-sizing:border-box">escaping html options</div>
+
+    EOF
+    );
+});
+
+test('escaping html arrayable options', function () {
+    $output = output([
+        'message' => 'Context that contains html',
+        'level_name' => 'info',
+        'datetime' => '2021-01-01 00:00:00',
+        'context' => [
+            'html' => [
+                'first' => '<span class=3D"gmail-adL">first</span>',
+                'second' => [
+                    'a' => '<span class=3D"gmail-adL">a</span>',
+                    'b' => '<span class=3D"gmail-adL">b</span>',
+                ],
+            ],
+            '__pail' => [
+                'origin' => [
+                    'type' => 'http',
+                    'method' => 'GET',
+                    'path' => '/logs',
+                    'auth_id' => null,
+                    'auth_email' => null,
+                ],
+            ],
+        ],
+    ], true);
 
     expect($output)->toBe(<<<'EOF'
-    ┌ 03:04:05 INFO ─────────────────────────────────┐
-    │ Context that contains html                     │
-    └ GET: /logs • Auth ID: guest • html: <div class=3D"gmail-adL" style=3D"box-sizing:border-box"></div> ┘
+    ┌ 2024-01-01 03:04:05 INFO ───────────────────────
+    │ Context that contains html
+    │ 1. app/MyClass.php:12
+    │ 2. app/MyClass.php:34
+    └ GET: /logs • Auth ID: guest • html: array ( 'first' => '<span class=3D"gmail-adL">first</span>', 'second' => array ( 'a' => '<span class=3D"gmail-adL">a</span>', 'b' => '<span class=3D"gmail-adL">b</span>', ), )
 
     EOF
     );