fix(core): escape all angle brackets with "santizeComments" (#612)

tgreyuk · tgreyuk · commit 91978aad9034 · 2024-05-11T20:27:50.000+01:00
diff --git a/packages/typedoc-plugin-markdown/src/libs/utils/sanitize-comments.spec.ts b/packages/typedoc-plugin-markdown/src/libs/utils/sanitize-comments.spec.ts
@@ -0,0 +1,40 @@
+import { sanitizeComments } from './sanitize-comments';
+
+describe('sanitizeComments', () => {
+  it('should escape special characters correctly', () => {
+    const input = 'Comments <tag></tag>, {braces}, >= 5, < 5, `code`';
+    const output =
+      'Comments \\<tag\\>\\</tag\\>, \\{braces\\}, \\>= 5, \\< 5, `code`';
+    const result = sanitizeComments(input);
+    expect(result).toEqual(output);
+  });
+
+  it('should not escape blockquotes', () => {
+    const input = '> Blockquote with <tag>';
+    const output = '> Blockquote with \\<tag\\>';
+    const result = sanitizeComments(input);
+    expect(result).toEqual(output);
+  });
+
+  it('should not escape inline code', () => {
+    const input = 'Comment with <tag> `code with <tag> and {braces}`';
+    const output = 'Comment with \\<tag\\> `code with <tag> and {braces}`';
+    const result = sanitizeComments(input);
+    expect(result).toEqual(output);
+  });
+
+  it('should not escape code block', () => {
+    const input = `
+<tag>
+\`\`\`html
+<div>x</div>
+\`\`\``;
+    const expectedOutput = `
+\\<tag\\>
+\`\`\`html
+<div>x</div>
+\`\`\``;
+    const result = sanitizeComments(input);
+    expect(result).toEqual(expectedOutput);
+  });
+});
diff --git a/packages/typedoc-plugin-markdown/src/libs/utils/sanitize-comments.ts b/packages/typedoc-plugin-markdown/src/libs/utils/sanitize-comments.ts
@@ -1,5 +1,4 @@
 export function sanitizeComments(str: string) {
-  const re = /<(?=(?:[^`]*`[^`]*`)*[^`]*$)[^<]+?>/gi;
   const codeBlocks: string[] = [];
   const placeholder = '___CODEBLOCKPLACEHOLDER___';
 
@@ -9,9 +8,11 @@ export function sanitizeComments(str: string) {
     return placeholder;
   });
 
-  // Perform escaping outside of code blocks
+  // If line starts with a > treat it as a blockquote
+  // Otherwise escape all <, >, {, and } characters
   str = str
-    .replace(re, (tags) => tags.replace(/>/g, '\\>').replace(/</g, '\\<'))
+    .replace(/(?!^)>/gm, '\\>')
+    .replace(/</g, '\\<')
     .replace(/\{/g, '\\{')
     .replace(/\}/g, '\\}');
 
