fix: escape code blocks to prevent HTML injection

2022-12-28 22:18:18 -05:00 · 2022-12-28 22:18:18 -05:00 · 5bd9ce484f
commit 5bd9ce484f
parent 8f9091fb2a
2 changed files with 2 additions and 2 deletions
--- a/config/version.go
+++ b/config/version.go
@ -1,3 +1,3 @@
 package config

-var Version = "1.2"
+var Version = "1.2.1"
--- a/src/utils/syntax.go
+++ b/src/utils/syntax.go
@ -17,7 +17,7 @@ var plainFormattedCodeRegex = regexp.MustCompile(`(?s)<pre tabindex="0" class="c
 func HighlightSyntaxViaContent(content string) (htmlOut string) {
 	content = html.UnescapeString(content)

-	fallbackOut := content
+	fallbackOut := html.EscapeString(content)

 	// identify the language
 	lexer := lexers.Analyse(content)