From 598ede71202aea7b0b7cc6361ff7a388154dade9 Mon Sep 17 00:00:00 2001
From: Fuwn <contact@fuwn.me>
Date: Sat, 23 Mar 2024 06:50:05 +0000
Subject: fix(html): html encode text body

---
 src/html.rs | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'src')

diff --git a/src/html.rs b/src/html.rs
index c30f5c0..00a1af4 100644
--- a/src/html.rs
+++ b/src/html.rs
@@ -37,10 +37,11 @@ pub fn from_gemini(
   let ast = ast_tree.inner();
   let mut html = String::new();
   let mut title = String::new();
+  let safe = html_escape::encode_text;
 
   for node in ast {
     match node {
-      Node::Text(text) => html.push_str(&format!("<p>{text}</p>")),
+      Node::Text(text) => html.push_str(&format!("<p>{}</p>", safe(text))),
       Node::Link { to, text } => {
         let mut href = to.clone();
         let mut surface = false;
@@ -113,12 +114,12 @@ pub fn from_gemini(
         html.push_str(&format!(
           "<p><a href=\"{}\">{}</a></p>\n",
           href,
-          text.clone().unwrap_or_default(),
+          safe(&text.clone().unwrap_or_default()),
         ));
       }
       Node::Heading { level, text } => {
         if title.is_empty() && *level == 1 {
-          title = text.clone();
+          title = safe(&text.clone()).to_string();
         }
 
         html.push_str(&format!(
@@ -129,7 +130,7 @@ pub fn from_gemini(
             3 => "h3",
             _ => "p",
           },
-          text,
+          safe(text),
         ));
       }
       Node::List(items) => html.push_str(&format!(
@@ -141,10 +142,10 @@ pub fn from_gemini(
           .join("\n")
       )),
       Node::Blockquote(text) => {
-        html.push_str(&format!("<blockquote>{text}</blockquote>"));
+        html.push_str(&format!("<blockquote>{}</blockquote>", safe(text)));
       }
       Node::PreformattedText { text, .. } => {
-        html.push_str(&format!("<pre>{text}</pre>"));
+        html.push_str(&format!("<pre>{}</pre>", safe(text)));
       }
       Node::Whitespace => {}
     }
-- 
cgit v1.2.3