From 391e96e3ef2892a6096af81958ff03c9f48e4926 Mon Sep 17 00:00:00 2001
From: gentlementlegen
Date: Tue, 23 Apr 2024 16:40:24 +0900
Subject: [PATCH] chore: sanitizing content to avoid accidentally rendering html
---
 src/parser/github-comment-module.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/parser/github-comment-module.ts b/src/parser/github-comment-module.ts
index 137f00b4..f1ff71e7 100644
--- a/src/parser/github-comment-module.ts
+++ b/src/parser/github-comment-module.ts
@@ -136,11 +136,13 @@ export class GithubCommentModule implements Module {
 function buildIncentiveRow(commentScore: GithubCommentScore) {
 // Properly escape carriage returns for HTML rendering
 const formatting = stringify(commentScore.score?.formatting?.content).replace(/[\n\r]/g, " ");
+ // Makes sure any HTML injected in the templated is not rendered itself
+ const sanitizedContent = commentScore.content.replaceAll("<", "<").replaceAll(">", ">");
 return `
- ${commentScore.content.replace(/(.{64})..+/, "$1…")}
+ ${sanitizedContent.replace(/(.{64})..+/, "$1…")}