fix: escape raw HTML in markdown renderer (#169)

Prevents HTML tags from being rendered as live DOM elements in terminal
output. Overrides the marked codespan and html renderers to escape < and >
before inserting into the output HTML.
2026-02-25 18:29:59 -08:00
committed by Naomi Carrigan
parent d3ee1c644f
commit 5fb3f1a44b
+6 -1
@@ -35,7 +35,12 @@
};
renderer.codespan = ({ text }) => {
return `<code class="hljs-inline">${text}</code>`;
const escaped = text.replace(/</g, "&lt;").replace(/>/g, "&gt;");
return `<code class="hljs-inline">${escaped}</code>`;
};
renderer.html = ({ text }) => {
return text.replace(/</g, "&lt;").replace(/>/g, "&gt;");
};
marked.setOptions({
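Review bot: Both `renderer.codespan` and `renderer.html` escape only `<` and `>` and leave `&` untouched, so an entity typed in the markdown (for example `&lt;b&gt;` inside a code span) is decoded by the browser and shown as `<b>` rather than as the literal text. That is a fidelity problem, not tag injection, but the usual fix also removes the duplicated replace chain: define one helper, `const escapeHtml = (s) => s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");`, with `&` replaced first, and call it from both renderers. This assumes the token `text` arrives raw, as the fix implies; confirm against the marked version in use so that already-escaped text is not escaped twice. The renderer setup starts and ends outside the hunk, so it is not visible whether link and image URLs or fenced code blocks get equivalent handling, and a regression test that feeds raw HTML and entities through the renderer would pin the behaviour.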