-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rw-r--r-- | src/Utils/Formatter.php | 5 |
2 files changed, 4 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e81d177..4490ae7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## [Unreleased]
 * Fix parsing of DEFINER without backquotes
+* Fixed escaping HTML entities in HTML formatter
 ## [3.4.6] - 2016-09-13
diff --git a/src/Utils/Formatter.php b/src/Utils/Formatter.php
index f82ef13..9804580 100644
--- a/src/Utils/Formatter.php
+++ b/src/Utils/Formatter.php
@@ -453,7 +453,7 @@ class Formatter
 // Formatting HTML.
 if ($this->options['type'] === 'html') {
- return '<span ' . $format['html'] . '>' . $text . '</span>';
+ return '<span ' . $format['html'] . '>' . htmlspecialchars($text, ENT_NOQUOTES) . '</span>';
 } elseif ($this->options['type'] === 'cli') {
 return $format['cli'] . $text;
 }
@@ -464,8 +464,9 @@ class Formatter
 if ($this->options['type'] === 'cli') {
 return "\x1b[39m" . $text;
+ } elseif ($this->options['type'] === 'html') {
+ return htmlspecialchars($text, ENT_NOQUOTES);
 }
- return $text;
 }
 /** |
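Review bot: The new `htmlspecialchars($text, ENT_NOQUOTES)` call in the `html` branch passes no encoding and no substitution flag, so its result depends on the runtime's default charset, and PHP returns an empty string when `$text` holds a byte sequence that is invalid in that charset; the token would then drop out of the formatted query without any error. Consider `htmlspecialchars($text, ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8')` (ENT_SUBSTITUTE needs PHP 5.4 or later, and the project's minimum version is not visible here). The same call is repeated in the second hunk of this file (`@@ -464,8 +464,9 @@`). `ENT_NOQUOTES` is enough only because the text lands in element content, which a comment such as `// Element content only: quotes stay unescaped, do not reuse this value inside an attribute.` would record. The enclosing method starts and ends outside the hunk.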
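Review bot: As printed, this hunk deletes the final `return $text;`, so when `$this->options['type']` is neither `cli` nor `html` the method appears to reach its closing brace without returning a value, and callers would receive `null` in place of the token text. If the deleted line is really a blank line whose `-` marker ran into the following context line on this page, nothing is lost; otherwise keep the fallback as `return $text;` after the `elseif` block. The method's beginning is outside the hunk.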