From 94a065048d8029cb407f61443761ad18fad6fa02 Mon Sep 17 00:00:00 2001
From: Chip Black <bytex64@bytex64.net>
Date: Sun, 23 Mar 2014 03:46:31 -0500
Subject: [PATCH] Escape code mode

---
 www/jssrc/blerg/Util.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/www/jssrc/blerg/Util.js b/www/jssrc/blerg/Util.js
index 8706f81..6e99f46 100644
--- a/www/jssrc/blerg/Util.js
+++ b/www/jssrc/blerg/Util.js
@@ -77,6 +77,8 @@ blerg.Util.blergFormat = function(text) {
                 out.push('<p>');
                 githubCodeMode = false;
             } else {
+                // Sanitize HTML input
+                l = l.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
                 out.push(l + "\n");
             }
             return;
@@ -94,6 +96,8 @@ blerg.Util.blergFormat = function(text) {
                 out.push('<pre>');
                 codeMode = true;
             }
+            // Sanitize HTML input
+            l = l.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
             out.push(l.substr(4) + "\n");
             return;
         } else {
-- 
2.25.1