From cb36a1704690b338705a4d9103bd2ae2cec267a6 Mon Sep 17 00:00:00 2001
From: David Tolnay <dtolnay@gmail.com>
Date: Sun, 8 Nov 2020 21:58:53 -0800
Subject: [PATCH] Escape &"<> in rendered toc

---
 src/renderer/html_handlebars/helpers/toc.rs | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/renderer/html_handlebars/helpers/toc.rs b/src/renderer/html_handlebars/helpers/toc.rs
index 7a5d8a2844..d578c6395e 100644
--- a/src/renderer/html_handlebars/helpers/toc.rs
+++ b/src/renderer/html_handlebars/helpers/toc.rs
@@ -3,7 +3,9 @@ use std::path::Path;
 
 use crate::utils;
 
-use handlebars::{Context, Handlebars, Helper, HelperDef, Output, RenderContext, RenderError};
+use handlebars::{
+    html_escape, Context, Handlebars, Helper, HelperDef, Output, RenderContext, RenderError,
+};
 use pulldown_cmark::{html, Event, Parser};
 
 // Handlebars helper to construct TOC
@@ -102,7 +104,7 @@ impl HelperDef for RenderToc {
             // Part title
             if let Some(title) = item.get("part") {
                 out.write("<li class=\"part-title\">")?;
-                out.write(title)?;
+                out.write(&html_escape(title))?;
                 out.write("</li>")?;
                 continue;
             }
@@ -160,7 +162,7 @@ impl HelperDef for RenderToc {
                 html::push_html(&mut markdown_parsed_name, parser);
 
                 // write to the handlebars template
-                out.write(&markdown_parsed_name)?;
+                out.write(&html_escape(&markdown_parsed_name))?;
             }
 
             if path_exists {