fix: escape html (#506)

2025-01-22 20:04:39 +08:00 · 2025-01-06 09:28:52 +08:00 · 2025-01-06 09:28:52 +08:00 · 8f09acb06d
commit 8f09acb06d
parent 4f73811f0e
1 changed files with 11 additions and 1 deletions
--- a/src/utils/renderer.ts
+++ b/src/utils/renderer.ts
@ -40,6 +40,16 @@ function buildTheme({ theme: _theme, fonts, size, isUseIndent }: IOpts): ThemeSt
  } as ThemeStyles
 }

+function escapeHtml(text: string): string {
+  return text
+    .replace(/&/g, `&amp;`) // 转义 &
+    .replace(/</g, `&lt;`) // 转义 <
+    .replace(/>/g, `&gt;`) // 转义 >
+    .replace(/"/g, `&quot;`) // 转义 "
+    .replace(/'/g, `&#39;`) // 转义 '
+    .replace(/`/g, `&#96;`) // 转义 `
+}
+
 function buildAddition(): string {
  return `
    <style>
@ -203,7 +213,7 @@ export function initRenderer(opts: IOpts) {
    },

    codespan({ text }: Tokens.Codespan): string {
-      const escapedText = text.replace(/</g, `&lt;`).replace(/>/g, `&gt;`)
+      const escapedText = escapeHtml(text)
      return styledContent(`codespan`, escapedText, `code`)
    },