From ae8caa6398b6a126de7cb4194251ed6f2236cd50 Mon Sep 17 00:00:00 2001
From: duckimann <facoder2k2@gmail.com>
Date: Sun, 21 Apr 2024 19:23:50 +0700
Subject: [PATCH] fix: escape html string @ inline code

---
 src/components/EditorMarkdownIt.vue | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/components/EditorMarkdownIt.vue b/src/components/EditorMarkdownIt.vue
index a2f8522fc..1c9927915 100644
--- a/src/components/EditorMarkdownIt.vue
+++ b/src/components/EditorMarkdownIt.vue
@@ -148,10 +148,17 @@ export default {
 			}
 		},
 
+		escapeHTML(string) {
+			return string.replace(/[^\u0030-\u0039\u0041-\u005A\u0061-\u007A]/g, function(char) {
+				return `&#${char.charCodeAt()}`
+			})
+		},
+
 		setInlineCodeRule() {
+			const editorInstance = this
 			this.md.renderer.rules.code_inline = function(tokens, idx, options, env, self) {
 				const token = tokens[idx]
-				return '<code class="inline-code">' + token.content + '</code>'
+				return '<code class="inline-code">' + editorInstance.escapeHTML(token.content) + '</code>'
 			}
 		},
 	},