Escape HTML tags in issue titles

Closes gh-80

Author: wilkinsona

src/main/java/io/spring/githubchangeloggenerator/ChangelogGenerator.java

@@ -20,6 +20,7 @@
 import java.io.FileWriter;
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;
@@ -55,7 +56,7 @@ public class ChangelogGenerator {
 	private static final Comparator<Issue> TITLE_COMPARATOR = Comparator.comparing(Issue::getTitle,
 			String.CASE_INSENSITIVE_ORDER);
 
-	private static final Pattern ghUserMentionPattern = Pattern.compile("(^|[^\\w`])(@[\\w-]+)");
+	private static final List<Escape> escapes = Arrays.asList(gitHubUserMentions(), htmlTags());
 
 	private final GitHubService service;
 
@@ -160,7 +161,9 @@ private void sort(IssueSort sort, List<Issue> issues) {
 
 	private String getFormattedIssue(Issue issue) {
 		String title = issue.getTitle();
-		title = ghUserMentionPattern.matcher(title).replaceAll("$1`$2`");
+		for (Escape escape : escapes) {
+			title = escape.apply(title);
+		}
 		return String.format("- %s %s%n", title, getLinkToIssue(issue));
 	}
 
@@ -236,4 +239,36 @@ private void writeContentToFile(String content, String path) throws IOException
 		FileCopyUtils.copy(content, new FileWriter(new File(path)));
 	}
 
+	private static Escape gitHubUserMentions() {
+		return new PatternEscape(Pattern.compile("(^|[^\\w`])(@[\\w-]+)"), "$1`$2`");
+	}
+
+	private static Escape htmlTags() {
+		return new PatternEscape(Pattern.compile("(^|[^\\w`])(<[\\w\\-/<>]+>)"), "$1`$2`");
+	}
+
+	private interface Escape {
+
+		String apply(String input);
+
+	}
+
+	private static final class PatternEscape implements Escape {
+
+		private final Pattern pattern;
+
+		private final String replacement;
+
+		private PatternEscape(Pattern pattern, String replacement) {
+			this.pattern = pattern;
+			this.replacement = replacement;
+		}
+
+		@Override
+		public String apply(String input) {
+			return this.pattern.matcher(input).replaceAll(this.replacement);
+		}
+
+	}
+
 }

src/test/java/io/spring/githubchangeloggenerator/ChangelogGeneratorTests.java

@@ -236,6 +236,32 @@ void generateWhenEscapedUserMentionIsInIssueTitleItIsNotEscapedAgain() throws IO
 		assertThat(new String(Files.readAllBytes(file))).contains("Bug 1 for `@Value`");
 	}
 
+	@Test
+	void generateWhenHtmlTagIsInIssueTitleItIsEscaped() throws IOException {
+		setupGenerator(MilestoneReference.TITLE);
+		List<Issue> issues = new ArrayList<>();
+		issues.add(newIssue("Bug 1 for <td>", "1", "bug-1-url", Type.BUG));
+		issues.add(newIssue("Bug 2 for <td/>", "2", "bug-2-url", Type.BUG));
+		issues.add(newIssue("Bug 3 for <td></td>", "3", "bug-3-url", Type.BUG));
+		given(this.service.getMilestoneNumber("v2.3", REPO)).willReturn(23);
+		given(this.service.getIssuesForMilestone(23, REPO)).willReturn(issues);
+		Path file = generateChangelog("v2.3");
+		assertThat(new String(Files.readAllBytes(file))).contains("Bug 1 for `<td>`");
+		assertThat(new String(Files.readAllBytes(file))).contains("Bug 2 for `<td/>`");
+		assertThat(new String(Files.readAllBytes(file))).contains("Bug 3 for `<td></td>`");
+	}
+
+	@Test
+	void generateWhenEscapedHtmlTagIsInIssueTitleItIsNotEscapedAgain() throws IOException {
+		setupGenerator(MilestoneReference.TITLE);
+		List<Issue> issues = new ArrayList<>();
+		issues.add(newIssue("Bug 1 for `<td>`", "1", "bug-1-url", Type.BUG));
+		given(this.service.getMilestoneNumber("v2.3", REPO)).willReturn(23);
+		given(this.service.getIssuesForMilestone(23, REPO)).willReturn(issues);
+		Path file = generateChangelog("v2.3");
+		assertThat(new String(Files.readAllBytes(file))).contains("Bug 1 for `<td>`");
+	}
+
 	@Test
 	void generateWhenSectionSortedByTitle() throws Exception {
 		List<Section> sections = new ArrayList<>();