vrr/qwen-code
2
0
Fork 0
mirror of https://github.com/QwenLM/qwen-code.git synced 2026-05-05 15:31:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

fix(cli): prevent HTML comment escape by sanitizing --!> and -->

Browse source
This commit is contained in:
pomelo-nwu 2025-12-26 22:45:35 +08:00
parent e5dbd69899
commit 25dbe98e6e
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
packages/cli/src/ui/commands/languageCommand.ts
View file

@ -52,11 +52,11 @@ function formatUiLanguageDisplay(lang: SupportedLanguage): string {
}
function sanitizeLanguageForMarker(language: string): string {
// HTML comments cannot contain "--" or end marker "-->" safely.
// HTML comments cannot contain "--" or end markers like "-->" or "--!>" safely.
// Also avoid newlines to keep the marker single-line and robust to parsing.
return language
.replace(/[\r\n]/g, ' ')
.replace(/-->/g, '')
.replace(/--!?>/g, '')
.replace(/--/g, '');
}