LibMarkdown: Escape HTML entities in text

Author: https://github.com/linusg Commit: 0a1ecbec48 Pull-request: https://github.com/SerenityOS/serenity/pull/2120
2025-06-09 09:34:57 +09:00 · 2020-05-05 15:11:39 +01:00 · 2020-05-05 15:11:39 +01:00 · 0a1ecbec48 · 2024-07-19 06:57:00 +09:00
commit 0a1ecbec48
parent fc3d16d664
2 changed files with 1 additions and 2 deletions
--- a/Libraries/LibMarkdown/CodeBlock.cpp
+++ b/Libraries/LibMarkdown/CodeBlock.cpp
@ -60,7 +60,6 @@ String CodeBlock::render_to_html() const
    else
        builder.appendf("<code style=\"white-space: pre;\" class=\"%s\">", style_language.characters());

-    // TODO: This should also be done in other places.
    builder.append(escape_html_entities(m_code));

    builder.append("</code>");
--- a/Libraries/LibMarkdown/Text.cpp
+++ b/Libraries/LibMarkdown/Text.cpp
@ -113,7 +113,7 @@ String Text::render_to_html() const
        }

        current_style = span.style;
-        builder.append(span.text);
+        builder.append(escape_html_entities(span.text));
    }

    for (ssize_t i = open_tags.size() - 1; i >= 0; --i) {