Escape &"<> in rendered toc

rust-lang · Nov 9, 2020 · cb36a17 · cb36a17
1 parent eaa6914
commit cb36a17
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/src/renderer/html_handlebars/helpers/toc.rs b/src/renderer/html_handlebars/helpers/toc.rs
@@ -3,7 +3,9 @@ use std::path::Path;
 
 use crate::utils;
 
-use handlebars::{Context, Handlebars, Helper, HelperDef, Output, RenderContext, RenderError};
+use handlebars::{
+    html_escape, Context, Handlebars, Helper, HelperDef, Output, RenderContext, RenderError,
+};
 use pulldown_cmark::{html, Event, Parser};
 
 // Handlebars helper to construct TOC
@@ -102,7 +104,7 @@ impl HelperDef for RenderToc {
             // Part title
             if let Some(title) = item.get("part") {
                 out.write("<li class=\"part-title\">")?;
-                out.write(title)?;
+                out.write(&html_escape(title))?;
                 out.write("</li>")?;
                 continue;
             }
@@ -160,7 +162,7 @@ impl HelperDef for RenderToc {
                 html::push_html(&mut markdown_parsed_name, parser);
 
                 // write to the handlebars template
-                out.write(&markdown_parsed_name)?;
+                out.write(&html_escape(&markdown_parsed_name))?;
             }
 
             if path_exists {