[local-sync] Escape HTML entities in plaintext

Summary: This was understandably causing some messages to fail to display correctly. Test Plan: unit tests are already broken for message parsing -- will fix in follow up diff Reviewers: juan Reviewed By: juan Differential Revision: https://phab.nylas.com/D3517
2025-09-06 04:35:30 +08:00 · 2016-12-15 09:17:45 -08:00 · 2016-12-15 09:17:45 -08:00 · ac5c7e3d2c
commit ac5c7e3d2c
parent ee831ba0aa
2 changed files with 4 additions and 1 deletions
--- a/packages/local-sync/package.json
+++ b/packages/local-sync/package.json
@ -11,6 +11,7 @@
    "hapi-boom-decorators": "1.1.3",
    "hapi-plugin-websocket": "0.9.2",
    "hapi-swagger": "6.1.0",
+    "he": "1.1.0",
    "inert": "4.0.0",
    "isomorphic-core": "0.x.x",
    "jasmine": "2.4.1",
--- a/packages/local-sync/src/shared/message-factory.js
+++ b/packages/local-sync/src/shared/message-factory.js
@ -1,6 +1,7 @@
 /* eslint no-useless-escape: 0 */
 const mimelib = require('mimelib');
 const encoding = require('encoding');
+const he = require('he');

 const {Imap} = require('isomorphic-core');
 const Errors = require('./errors');
@ -87,7 +88,8 @@ monospacing, but that seems OK and perhaps sometimes even desired (for e.g.
 ascii art, alignment)
 */
 function HTMLifyPlaintext(text) {
-  return `<pre class="nylas-plaintext">${text}</pre>`;
+  const escapedText = he.escape(text);
+  return `<pre class="nylas-plaintext">${escapedText}</pre>`;
 }

 /*