fix: escape html (#506)

2025-01-22 20:04:39 +08:00 · 2025-01-06 09:28:52 +08:00 · 2025-01-06 09:28:52 +08:00 · 8f09acb06d
commit 8f09acb06d
parent 4f73811f0e
1 changed files with 11 additions and 1 deletions
--- a/src/utils/renderer.ts
+++ b/src/utils/renderer.ts
@ -40,6 +40,16 @@ function buildTheme({ theme: _theme, fonts, size, isUseIndent }: IOpts): ThemeSt
  } as ThemeStyles
 }
 function escapeHtml(text: string): string {
  return text
    .replace(/&/g, `&amp;`) // 转义 &
    .replace(/</g, `&lt;`) // 转义 <
    .replace(/>/g, `&gt;`) // 转义 >
    .replace(/"/g, `&quot;`) // 转义 "
    .replace(/'/g, `&#39;`) // 转义 '
    .replace(/`/g, `&#96;`) // 转义 `
 }
 function buildAddition(): string {
  return `
    <style>
@ -203,7 +213,7 @@ export function initRenderer(opts: IOpts) {
    },
    codespan({ text }: Tokens.Codespan): string {
-      const escapedText = text.replace(/</g, `&lt;`).replace(/>/g, `&gt;`)
+      const escapedText = escapeHtml(text)
      return styledContent(`codespan`, escapedText, `code`)
    },