@@ -130,6 +130,17 @@ jobs:
130130 EXP_LABEL=$( [ "$EXP" = "true" ] && echo "EXP" || echo "Non-EXP" )
131131 echo "CONFIG_LABEL=${WAF_LABEL} + ${EXP_LABEL}" >> $GITHUB_OUTPUT
132132
133+ name : Prepare HTML Escape Helper
134+ shell : bash
135+ run : |
136+ HTML_ESCAPE_HELPER="$RUNNER_TEMP/html_escape_helper.sh"
137+ cat > "$HTML_ESCAPE_HELPER" <<'EOF'
138+ html_escape() {
139+ printf '%s' "$1" | sed -e 's/&/\&/g' -e 's/</\</g' -e 's/>/\>/g' -e 's/"/\"/g' -e "s/'/\'/g"
140+ }
141+ EOF
142+ echo "HTML_ESCAPE_HELPER=$HTML_ESCAPE_HELPER" >> "$GITHUB_ENV"
143+
133144# ------------------------------------------------------------------
134145 # Quota failure
135146 # ------------------------------------------------------------------
@@ -144,10 +155,7 @@ jobs:
144155 CLEANUP_PILL : ${{ steps.cleanup.outputs.CLEANUP_PILL }}
145156 CONFIG_LABEL : ${{ steps.config.outputs.CONFIG_LABEL }}
146157 run : |
147- # HTML-escape values that get embedded into the email template to avoid HTML/attribute injection from workflow inputs.
148- html_escape() {
149- printf '%s' "$1" | sed -e 's/&/\&/g' -e 's/</\</g' -e 's/>/\>/g' -e 's/"/\"/g' -e "s/'/\'/g"
150- }
158+ . "$HTML_ESCAPE_HELPER"
151159 RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
152160 ACTOR="$(html_escape "$GITHUB_ACTOR")"
153161 BRANCH="$(html_escape "$BRANCH_NAME")"
@@ -225,10 +233,7 @@ jobs:
225233 CONFIG_LABEL : ${{ steps.config.outputs.CONFIG_LABEL }}
226234 CLEANUP_PILL : ${{ steps.cleanup.outputs.CLEANUP_PILL }}
227235 run : |
228- # HTML-escape values that get embedded into the email template to avoid HTML/attribute injection from workflow inputs.
229- html_escape() {
230- printf '%s' "$1" | sed -e 's/&/\&/g' -e 's/</\</g' -e 's/>/\>/g' -e 's/"/\"/g' -e "s/'/\'/g"
231- }
236+ . "$HTML_ESCAPE_HELPER"
232237 RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
233238 RESOURCE_GROUP="$(html_escape "$INPUT_RESOURCE_GROUP_NAME")"
234239 ACTOR="$(html_escape "$GITHUB_ACTOR")"
@@ -314,10 +319,7 @@ jobs:
314319 CLEANUP_PILL : ${{ steps.cleanup.outputs.CLEANUP_PILL }}
315320 TEST_SUITE_NAME : ${{ steps.test_suite.outputs.TEST_SUITE_NAME }}
316321 run : |
317- # HTML-escape values that get embedded into the email template to avoid HTML/attribute injection from workflow inputs.
318- html_escape() {
319- printf '%s' "$1" | sed -e 's/&/\&/g' -e 's/</\</g' -e 's/>/\>/g' -e 's/"/\"/g' -e "s/'/\'/g"
320- }
322+ . "$HTML_ESCAPE_HELPER"
321323 RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
322324 WEBAPP_URL="$(html_escape "${INPUT_CONTAINER_WEB_APPURL:-$INPUT_EXISTING_WEBAPP_URL}")"
323325 RESOURCE_GROUP="$(html_escape "$INPUT_RESOURCE_GROUP_NAME")"
@@ -413,10 +415,7 @@ jobs:
413415 CONFIG_LABEL : ${{ steps.config.outputs.CONFIG_LABEL }}
414416 TEST_SUITE_NAME : ${{ steps.test_suite.outputs.TEST_SUITE_NAME }}
415417 run : |
416- # HTML-escape values that get embedded into the email template to avoid HTML/attribute injection from workflow inputs.
417- html_escape() {
418- printf '%s' "$1" | sed -e 's/&/\&/g' -e 's/</\</g' -e 's/>/\>/g' -e 's/"/\"/g' -e "s/'/\'/g"
419- }
418+ . "$HTML_ESCAPE_HELPER"
420419 RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
421420 WEBAPP_URL="$(html_escape "${INPUT_CONTAINER_WEB_APPURL:-$INPUT_EXISTING_WEBAPP_URL}")"
422421 RESOURCE_GROUP="$(html_escape "$INPUT_RESOURCE_GROUP_NAME")"
@@ -504,10 +503,7 @@ jobs:
504503 CONFIG_LABEL : ${{ steps.config.outputs.CONFIG_LABEL }}
505504 TEST_SUITE_NAME : ${{ steps.test_suite.outputs.TEST_SUITE_NAME }}
506505 run : |
507- # HTML-escape values that get embedded into the email template to avoid HTML/attribute injection from workflow inputs.
508- html_escape() {
509- printf '%s' "$1" | sed -e 's/&/\&/g' -e 's/</\</g' -e 's/>/\>/g' -e 's/"/\"/g' -e "s/'/\'/g"
510- }
506+ . "$HTML_ESCAPE_HELPER"
511507 RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
512508 EXISTING_URL="$(html_escape "$INPUT_EXISTING_WEBAPP_URL")"
513509 TEST_REPORT_URL="$(html_escape "$INPUT_TEST_REPORT_URL")"
@@ -596,10 +592,7 @@ jobs:
596592 CONFIG_LABEL : ${{ steps.config.outputs.CONFIG_LABEL }}
597593 TEST_SUITE_NAME : ${{ steps.test_suite.outputs.TEST_SUITE_NAME }}
598594 run : |
599- # HTML-escape values that get embedded into the email template to avoid HTML/attribute injection from workflow inputs.
600- html_escape() {
601- printf '%s' "$1" | sed -e 's/&/\&/g' -e 's/</\</g' -e 's/>/\>/g' -e 's/"/\"/g' -e "s/'/\'/g"
602- }
595+ . "$HTML_ESCAPE_HELPER"
603596 RUN_URL="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
604597 EXISTING_URL="$(html_escape "$INPUT_EXISTING_WEBAPP_URL")"
605598 TEST_REPORT_URL="$(html_escape "$INPUT_TEST_REPORT_URL")"
0 commit comments