Fix: Added HTML module escaping

ParzivalHack · web-flow · commit 6b4979fb6383 · 2026-03-16T17:38:07.000+01:00
diff --git a/src/pyspector/reporting.py b/src/pyspector/reporting.py
@@ -128,12 +128,12 @@ def to_html(self) -> str:
         for issue in self.issues:
             html += f"""
             <tr>
-                <td style='padding: 8px;'>{issue.file_path}</td>
+                <td style='padding: 8px;'>{html_module.escape(issue.file_path)}</td>
                 <td style='padding: 8px;'>{issue.line_number}</td>
-                <td style='padding: 8px;'>{str(issue.severity)}</td>
-                <td style='padding: 8px;'>{issue.description}</td>
-                <td style='padding: 8px;'><pre><code>{issue.code}</code></pre></td>
+                <td style='padding: 8px;'>{html_module.escape(str(issue.severity))}</td>
+                <td style='padding: 8px;'>{html_module.escape(issue.description)}</td>
+                <td style='padding: 8px;'><pre><code>{html_module.escape(issue.code)}</code></pre></td>
             </tr>
             """
         html += "</table></body></html>"
-        return html
+        return html
