Escape code mode

[blerg.git] / www / jssrc / blerg / Util.js

diff --git a/www/jssrc/blerg/Util.js b/www/jssrc/blerg/Util.js
index 8706f81..6e99f46 100644 (file)
--- a/www/jssrc/blerg/Util.js
+++ b/www/jssrc/blerg/Util.js
@@ -77,6 +77,8 @@ blerg.Util.blergFormat = function(text) {
                 out.push('<p>');
                 githubCodeMode = false;
             } else {
+                // Sanitize HTML input
+                l = l.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
                 out.push(l + "\n");
             }
             return;
@@ -94,6 +96,8 @@ blerg.Util.blergFormat = function(text) {
                 out.push('<pre>');
                 codeMode = true;
             }
+            // Sanitize HTML input
+            l = l.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
             out.push(l.substr(4) + "\n");
             return;
         } else {