From 8f09acb06d3eacc62121aedc8f50153dcf321fe7 Mon Sep 17 00:00:00 2001
From: Libin YANG <szuyanglb@outlook.com>
Date: Mon, 6 Jan 2025 09:28:52 +0800
Subject: [PATCH] fix: escape html (#506)

---
 src/utils/renderer.ts | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/utils/renderer.ts b/src/utils/renderer.ts
index 75fa8d7..23c9622 100644
--- a/src/utils/renderer.ts
+++ b/src/utils/renderer.ts
@@ -40,6 +40,16 @@ function buildTheme({ theme: _theme, fonts, size, isUseIndent }: IOpts): ThemeSt
   } as ThemeStyles
 }
 
+function escapeHtml(text: string): string {
+  return text
+    .replace(/&/g, `&amp;`) // 转义 &
+    .replace(/</g, `&lt;`) // 转义 <
+    .replace(/>/g, `&gt;`) // 转义 >
+    .replace(/"/g, `&quot;`) // 转义 "
+    .replace(/'/g, `&#39;`) // 转义 '
+    .replace(/`/g, `&#96;`) // 转义 `
+}
+
 function buildAddition(): string {
   return `
     <style>
@@ -203,7 +213,7 @@ export function initRenderer(opts: IOpts) {
     },
 
     codespan({ text }: Tokens.Codespan): string {
-      const escapedText = text.replace(/</g, `&lt;`).replace(/>/g, `&gt;`)
+      const escapedText = escapeHtml(text)
       return styledContent(`codespan`, escapedText, `code`)
     },