From 5bd9ce484f541ecacba1441781806c29f7864028 Mon Sep 17 00:00:00 2001
From: httpjamesm <github@httpjames.space>
Date: Wed, 28 Dec 2022 22:18:18 -0500
Subject: [PATCH] fix: escape code blocks to prevent HTML injection

---
 config/version.go   | 2 +-
 src/utils/syntax.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/version.go b/config/version.go
index 8953d7e..e40a4fb 100644
--- a/config/version.go
+++ b/config/version.go
@@ -1,3 +1,3 @@
 package config
 
-var Version = "1.2"
+var Version = "1.2.1"
diff --git a/src/utils/syntax.go b/src/utils/syntax.go
index 78df5f3..934283c 100644
--- a/src/utils/syntax.go
+++ b/src/utils/syntax.go
@@ -17,7 +17,7 @@ var plainFormattedCodeRegex = regexp.MustCompile(`(?s)<pre tabindex="0" class="c
 func HighlightSyntaxViaContent(content string) (htmlOut string) {
 	content = html.UnescapeString(content)
 
-	fallbackOut := content
+	fallbackOut := html.EscapeString(content)
 
 	// identify the language
 	lexer := lexers.Analyse(content)