For the last release, I generated a git log in HTML. This helps users and helped me write Appendix B.
However I ran into a problem: escaping.
Larry Wall: Whipupitude.
I will show you a solution that is both correct and preserves whipupitude.
I used a single
git --format=pretty command to generate.
Implement <& Alternative to <&
Those characters should be escaped! Although some try very hard to resolve ambiguity, it's better to "emit strictly" (Postel's law)
Resolving ambiguity incorrecty leads to security bugs, for example: GIFAR bug. A GIF that is also a JAR.
git commit -a '<script>alert("hi")</script>'
A Naive, Pedantic Solution
I admit that I may have used complex solutions before.
Discredited / fallen out of favor:
This coudl be a separate blog post
date -- may not have arbitrary characters.
Do they support? 0x00 and 0x01?
Can someone create a git commit with 0x00 and 0x01?
Will it break github?
Unix way: hope that you don't have any special characters.
Oil way: Pedantic but preserving whipupitude