fix: escape code blocks to prevent HTML injection

2025-06-10 16:39:41 +00:00 · 2022-12-28 22:18:18 -05:00 · 2022-12-28 22:18:18 -05:00 · 5bd9ce484f
commit 5bd9ce484f
parent 8f9091fb2a
2 changed files with 2 additions and 2 deletions
--- a/config/version.go
+++ b/config/version.go
@ -1,3 +1,3 @@
 package config
-var Version = "1.2"
+var Version = "1.2.1"
--- a/src/utils/syntax.go
+++ b/src/utils/syntax.go
@ -17,7 +17,7 @@ var plainFormattedCodeRegex = regexp.MustCompile(`(?s)<pre tabindex="0" class="c
 func HighlightSyntaxViaContent(content string) (htmlOut string) {
 	content = html.UnescapeString(content)
-	fallbackOut := content
+	fallbackOut := html.EscapeString(content)
 	// identify the language
 	lexer := lexers.Analyse(content)
`@ -1,3 +1,3 @@`
	`package config`	`package config`

	`var Version = "1.2"`	`var Version = "1.2.1"`