author Brian Picciano <me@mediocregopher.com> 2024-11-01 15:41:18 +0100
committer Brian Picciano <me@mediocregopher.com> 2024-11-01 15:41:18 +0100
commit 7ea9fb22ab67603f4bc6eb68b76c66177b434fe3
tree 84b935f5ffd566236e83b9431dcf8050f944861e
parent 76d8b138ce23687c6372b34ee71e52f2b057469f
HTML escape pre-formatted text
-rw-r--r-- example/static/gemtext/cheatsheet.gmi | 6
-rw-r--r-- internal/gemtext/gemtext.go | 2
2 files changed, 6 insertions, 2 deletions
diff --git a/example/static/gemtext/cheatsheet.gmi b/example/static/gemtext/cheatsheet.gmi
index e7c9286..953c294 100644
--- a/example/static/gemtext/cheatsheet.gmi
+++ b/example/static/gemtext/cheatsheet.gmi
@@ -59,4 +59,8 @@ Here's a quote from Maciej Cegłowski:
## Pre-fromatted text
-Lines which start with ``` will cause clients to toggle in and out of ordinary rendering mode and preformatted mode. In preformatted mode, Gemtext syntax is ignored so links etc. will not be rendered, and text will appear in a monospace font.
+Lines which start with ``` will cause clients to toggle in and out of ordinary rendering mode and preformatted mode. In preformatted mode, Gemtext syntax is ignored so links etc. will not be rendered, and text will appear in a monospace font.
+
+```
+<script>alert("HTML tags should not get rendered!")</script>
+```
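Review bot: the new `<script>alert(...)</script>` block at the end of the cheatsheet is only a manual, visual check, and the two files in this commit include no automated test. Consider adding a unit test in internal/gemtext that feeds a preformatted block through the converter and asserts that the output contains `&lt;script&gt;` and no literal `<script>`, ideally with `&` and quote characters in the input as well, so a regression fails the build rather than depending on someone opening the example page. The removed and added paragraph lines look identical here, so that change is presumably whitespace or an end-of-file newline. While touching this section, the heading in the context line reads "Pre-fromatted text" and could be corrected to "Pre-formatted text".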
diff --git a/internal/gemtext/gemtext.go b/internal/gemtext/gemtext.go
index 83a1be3..76a990e 100644
--- a/internal/gemtext/gemtext.go
+++ b/internal/gemtext/gemtext.go
@@ -74,7 +74,7 @@ loop:
continue
case pft:
- write(line)
+ write(html.EscapeString(line))
continue
case len(strings.TrimSpace(line)) == 0:
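Review bot: the escaping is added only inside `case pft:`, and the visible context does not show whether the other branches of this loop (headings, links, quotes, plain paragraphs) escape `line` before it reaches `write`. Please confirm they do, or move the escaping to a single point that every branch passes through, so that a later branch cannot emit raw input by omission. The same question applies to any text following the opening ``` toggle line if it is written into the HTML. `html.EscapeString` covers `<`, `>`, `&`, `'` and `"`, which is sufficient for text placed in element content as done here.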