Diffstat (limited to 'plugin/markdown/plugin.js')
-rwxr-xr-x | plugin/markdown/plugin.js | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/plugin/markdown/plugin.js b/plugin/markdown/plugin.js
index d92b8ba..a9ac06a 100755
--- a/plugin/markdown/plugin.js
+++ b/plugin/markdown/plugin.js
@@ -15,6 +15,14 @@ const SCRIPT_END_PLACEHOLDER = '__SCRIPT_END__';
 const CODE_LINE_NUMBER_REGEX = /\[([\s\d,|-]*)\]/;
+const HTML_ESCAPE_MAP = {
+ '&': '&',
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": '''
+};
+
 const Plugin = () => {
 // The reveal.js instance this plugin is attached to
@@ -399,6 +407,12 @@ const Plugin = () => {
 }
+ function escapeForHTML( input ) {
+
+ return input.replace( /([&<>'"])/g, char => HTML_ESCAPE_MAP[char] );
+
+ }
+
 return {
 id: 'markdown',
@@ -427,6 +441,11 @@ const Plugin = () => {
 language = language.replace( CODE_LINE_NUMBER_REGEX, '' ).trim();
 }
+ // Escape before this gets injected into the DOM to
+ // avoid having the HTML parser alter our code before
+ // highlight.js is able to read it
+ code = escapeForHTML( code );
+
 return `<pre><code ${lineNumbers} class="${language}">${code}</code></pre>`;
 }; |
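Review bot: `escapeForHTML` has no comment saying which output contexts it is safe for, and a later caller could reuse it where it is not. Because it encodes `&`, `<`, `>` and both quote characters, it suits element content and quoted attribute values, but not unquoted attributes, URLs or script bodies. A short header such as `// Encodes & < > " ' for element content and quoted attribute values only; input must be a string` would record that. It also calls `input.replace` directly, so a non-string argument throws rather than being coerced.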
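Review bot: `language` is still interpolated unescaped into `class="${language}"` on the return line, so the escaping added here protects the element body but not the attribute beside it. If `language` is taken from the code fence's info string, as the line-number stripping just above suggests, a `"` in it would end the attribute early. `class="${escapeForHTML( language )}"` closes that, provided `language` is always a string at this point; the function starts outside the hunk, so that needs confirming. `lineNumbers` is built above the hunk and deserves the same check. The new comment could also say that this escape is what stops code-block content being parsed as markup, not only what preserves it for highlight.js.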