escape html for pre and code

Andrey Karpikov
1 parent 6bb07f97
Showing 2 changed files with 3 additions and 1 deletions
lib/kanjai/template_generator.rb
lib/kanjai/version.rb
--- a/lib/kanjai/template_generator.rb
View file @25d69c4
+++ b/lib/kanjai/template_generator.rb
View file @25d69c4
@@ -377,11 +377,13 @@ module Kanjai
           if !key.nil? and !value.nil?
             work_value = value.dup
             work_value.gsub!(/\r\n/, "#newline#") if !['code', 'pre'].include?(parent_node_name.to_s.downcase)
+            work_value = CGI::escapeHTML(work_value) if ['code', 'pre'].include?(parent_node_name.to_s.downcase)
             new_text.gsub!(key, work_value.to_s.html_safe)
           end
         end
       end
       new_text
+
     end
 
     def self.replace_attributes_marker(attributes, hash_value)
--- a/lib/kanjai/version.rb
View file @25d69c4
+++ b/lib/kanjai/version.rb
View file @25d69c4
 module Kanjai
-  VERSION = "0.0.371"
+  VERSION = "0.0.372"
 end