From 0a1ecbec48185af09ceca220f0ae4a73385b06cf Mon Sep 17 00:00:00 2001
From: Linus Groh <mail@linusgroh.de>
Date: Tue, 5 May 2020 15:11:39 +0100
Subject: [PATCH] LibMarkdown: Escape HTML entities in text

---
 Libraries/LibMarkdown/CodeBlock.cpp | 1 -
 Libraries/LibMarkdown/Text.cpp      | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/Libraries/LibMarkdown/CodeBlock.cpp b/Libraries/LibMarkdown/CodeBlock.cpp
index ca27dad1bf4..f35a29cf672 100644
--- a/Libraries/LibMarkdown/CodeBlock.cpp
+++ b/Libraries/LibMarkdown/CodeBlock.cpp
@@ -60,7 +60,6 @@ String CodeBlock::render_to_html() const
     else
         builder.appendf("<code style=\"white-space: pre;\" class=\"%s\">", style_language.characters());
 
-    // TODO: This should also be done in other places.
     builder.append(escape_html_entities(m_code));
 
     builder.append("</code>");
diff --git a/Libraries/LibMarkdown/Text.cpp b/Libraries/LibMarkdown/Text.cpp
index 8414046232b..573c2d54edd 100644
--- a/Libraries/LibMarkdown/Text.cpp
+++ b/Libraries/LibMarkdown/Text.cpp
@@ -113,7 +113,7 @@ String Text::render_to_html() const
         }
 
         current_style = span.style;
-        builder.append(span.text);
+        builder.append(escape_html_entities(span.text));
     }
 
     for (ssize_t i = open_tags.size() - 1; i >= 0; --i) {