From 5292fc140276951c4546520e0a890f69433dfcaf Mon Sep 17 00:00:00 2001
From: Laurent Cozic
Date: Tue, 20 Oct 2020 17:16:09 +0100
Subject: [PATCH] Tools: Escape HTML when generating changelog
---
 Tools/git-changelog.js | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/Tools/git-changelog.js b/Tools/git-changelog.js
index 50b5b97c96..c07f632e1e 100644
--- a/Tools/git-changelog.js
+++ b/Tools/git-changelog.js
@@ -8,6 +8,16 @@ require('app-module-path').addPath(`${__dirname}/../ReactNativeClient`);
 const { execCommand, githubUsername } = require('./tool-utils.js');
+// From https://stackoverflow.com/a/6234804/561309
+function escapeHtml(unsafe) {
+ return unsafe
+ .replace(/&/g, '&')
+ .replace(//g, '>')
+ .replace(/"/g, '"')
+ .replace(/'/g, ''');
+}
+
 async function gitLog(sinceTag) {
 let lines = await execCommand(`git log --pretty=format:"%H::::DIV::::%ae::::DIV::::%an::::DIV::::%s" ${sinceTag}..HEAD`);
 lines = lines.split('\n');
@@ -245,7 +255,7 @@ function formatCommitMessage(msg, author, options) {
 output = output.replace(/\((#[0-9]+)\)$/, '');
 }
- return output;
+ return escapeHtml(output);
 }
 function createChangeLog(logs, options) {
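Review bot: The replacement strings in `escapeHtml` read as identity mappings on this page (`.replace(/&/g, '&')`), and the `<` rule is not visible at all. That is most likely the page decoding the entities, but it is worth confirming in the committed file that every rule emits the entity form (`&amp;`, `&lt;`, and so on) and that the `&` rule still runs first, so later output is not double-escaped. The helper also calls `.replace` directly on its argument, so a non-string value throws; `return String(unsafe)` as the first link of the chain would make that explicit. I would replace the bare Stack Overflow link with a comment that states the contract, for example `// Escapes &, <, >, " and ' for HTML text and quoted attribute values; not for URLs or script contexts.`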
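Review bot: Escaping at `return escapeHtml(output);` neutralises HTML metacharacters only, so if the changelog is later rendered as Markdown, any Markdown syntax in a commit subject still passes through unchanged. The call also escapes the whole formatted string, so anything `formatCommitMessage` has already put into `output` from its `author` argument or as links (its body starts outside this hunk) is escaped too; check that URLs containing `&` and names containing `'` still render as intended. It is also worth confirming that `createChangeLog` emits no commit-derived field (`%an`, `%ae`, `%s` from `gitLog`) that bypasses this function. A one-line comment above the return, such as `// Commit subjects and author names are contributor-controlled; escape before the changelog is published.`, would record why the call is there.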