From a8569648f222c6719e1e6df90f679e16fb077741 Mon Sep 17 00:00:00 2001
From: John Vilk <jvilk@stripe.com>
Date: Fri, 19 Feb 2021 18:59:10 -0800
Subject: [PATCH] `eval` command: Escape HTML on the evaluated value.

Many things that evaluates to a string do not work properly without this escape. For example:

* `""`
* `" "`
* `[].join` (which produces `" "`)

Fixes a bug where the debug console in VS Code can hang the debugger when inserting one of those types of input.
---
 lib/ruby-debug-ide/xml_printer.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ruby-debug-ide/xml_printer.rb b/lib/ruby-debug-ide/xml_printer.rb
index b009fddf..4e6fb05c 100644
--- a/lib/ruby-debug-ide/xml_printer.rb
+++ b/lib/ruby-debug-ide/xml_printer.rb
@@ -382,7 +382,7 @@ def print_expression_info(incomplete, prompt, indent)
     end
 
     def print_eval(exp, value)
-      print "<eval expression=\"%s\" value=\"%s\" />", CGI.escapeHTML(exp), value
+      print "<eval expression=\"%s\" value=\"%s\" />", CGI.escapeHTML(exp), CGI.escapeHTML(value)
     end
 
     def print_pp(value)