From: Darold Gilles <gilles@darold.net>
Date: Sun, 3 Mar 2013 09:28:02 +0000 (+0100)
Subject: Escape HTML code inside queries. Thanks to denstark for the report.
X-Git-Tag: v3.2~14
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=517ea4053215a3ca51464b42072e1613e2ef8f54;p=pgbadger

Escape HTML code inside queries. Thanks to denstark for the report.
---

diff --git a/pgbadger b/pgbadger
index 839964c..b5a0113 100755
--- a/pgbadger
+++ b/pgbadger
@@ -4469,6 +4469,9 @@ sub highlight_code
 {
 	my $code = shift;
 
+	# Try to escape HTML code
+	$code =~ s/<([\/a-zA-Z])\b/\&lt;$1/sg;
+
 	# prettify SQL query
 	if (!$noprettify) {
 		$sql_prettified->query($code);