about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/librustdoc/html/render.rs5
-rw-r--r--src/test/rustdoc/crate-version-escape.rs6
2 files changed, 9 insertions, 2 deletions
diff --git a/src/librustdoc/html/render.rs b/src/librustdoc/html/render.rs
index 6a23b230e12..92db95eae32 100644
--- a/src/librustdoc/html/render.rs
+++ b/src/librustdoc/html/render.rs
@@ -1313,7 +1313,8 @@ impl Context {
                          <p>Version {}</p>\
                      </div>\
                      <a id='all-types' href='index.html'><p>Back to index</p></a>",
-                crate_name, version
+                crate_name,
+                Escape(version),
             )
         } else {
             String::new()
@@ -3974,7 +3975,7 @@ fn print_sidebar(cx: &Context, it: &clean::Item, buffer: &mut Buffer) {
                 "<div class='block version'>\
                     <p>Version {}</p>\
                     </div>",
-                version
+                Escape(version)
             );
         }
     }
diff --git a/src/test/rustdoc/crate-version-escape.rs b/src/test/rustdoc/crate-version-escape.rs
new file mode 100644
index 00000000000..2f91eea339b
--- /dev/null
+++ b/src/test/rustdoc/crate-version-escape.rs
@@ -0,0 +1,6 @@
+// compile-flags: --crate-version=<script>alert("hi")</script> -Z unstable-options
+
+#![crate_name = "foo"]
+
+// @has 'foo/index.html' '//div[@class="block version"]/p' 'Version <script>alert("hi")</script>'
+// @has 'foo/all.html' '//div[@class="block version"]/p' 'Version <script>alert("hi")</script>'
generated by cgit-pink 1.4.1-3-g733a5 (git 2.37.1) at 2025-11-03 17:34:07 +0000