fix: correct HTML entity decoding in decode method and add tests for …

[robfrank]

This pull request fixes a bug in the HTML entity decoding logic and adds new tests to ensure correctness. The main change corrects the decoding of the & entity so that it is properly converted to & instead of a space. Additionally, new unit tests have been introduced to verify the decoding behavior for several HTML entities.

Bug fix:

• Updated the decode method in AbstractServerHttpHandler.java to correctly replace & with & instead of a space, ensuring logical operators and other ampersands are handled properly.

Testing improvements:

• Added a new test class PostCommandHandlerDecodeTest.java with tests that verify the correct decoding of HTML entities, including &, <, >, ", and '.
• Included integration tests for JavaScript functions containing logical AND operators to ensure they work as expected both via HTTP and direct command execution.

[gemini-code-assist]

Summary of Changes

Hello @robfrank, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical bug in the HTML entity decoding logic, specifically ensuring that the & entity is correctly translated to an ampersand (&) rather than an unintended space. This fix is crucial for the proper interpretation of commands containing logical operators. Complementing this correction, the PR introduces a comprehensive suite of new unit and integration tests to validate the decoding behavior for a range of HTML entities and to confirm the seamless execution of JavaScript functions with logical AND operators across different command execution pathways.

Highlights

• Bug Fix: HTML Entity Decoding: The decode method in AbstractServerHttpHandler.java has been corrected to properly convert the & HTML entity to & instead of a space, resolving issues with logical operators and other ampersands.
• New Unit Tests for HTML Entity Decoding: A new test class, PostCommandHandlerDecodeTest.java, has been introduced to verify the correct decoding of various HTML entities, including &, <, >, ", and '.
• Integration Tests for JavaScript Functions: Integration tests have been added to ensure JavaScript functions containing logical AND operators (&&) work as expected when executed via both HTTP and direct command.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly fixes a bug where & was decoded to a space instead of &. The included tests effectively verify the fix and cover other HTML entities. My main feedback is on the decode method itself. While the fix is correct, the overall implementation of manually replacing entities is not robust or complete. I've suggested considering a dedicated library for HTML decoding to improve correctness and maintainability.

[gemini-code-assist]

While this change correctly fixes the decoding of &, the manual chain of replace() calls is not a robust solution for decoding HTML entities. It only handles a small, fixed set of entities and can be inefficient, as each replace() call potentially creates a new String object and scans the string from the beginning. A better approach would be to use a dedicated library, such as Apache Commons Text's StringEscapeUtils.unescapeHtml4(), which provides a comprehensive and optimized implementation. If adding a new dependency is not an option, consider a more efficient single-pass implementation using StringBuilder to avoid creating multiple intermediate strings.

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ +0.02%	✅ 100.00%

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (ec5b4a0)	72449	45658	63.02%
Head commit (70babd2)	72449 (+0)	45669 (+11)	63.04% (+0.02%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#2542)	1	1	100.00%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences