ngn/anonymous_overflow
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Activity

fix: escape code blocks to prevent HTML injection

Browse Source
This commit is contained in:
httpjamesm
2022-12-28 22:18:18 -05:00
parent 8f9091fb2a
commit 5bd9ce484f
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/utils/syntax.go
View File

@ -17,7 +17,7 @@ var plainFormattedCodeRegex = regexp.MustCompile(`(?s)<pre tabindex="0" class="c
func HighlightSyntaxViaContent(content string) (htmlOut string) {
content = html.UnescapeString(content)
fallbackOut := content
fallbackOut := html.EscapeString(content)
// identify the language
lexer := lexers.Analyse(content)