From 07b37537619ec7b5fd9803512a1c357872492709 Mon Sep 17 00:00:00 2001
From: Case Duckworth
Date: Sat, 13 Aug 2022 19:40:51 -0500
Subject: Escape HTML in raw blocks

---
 ht.awk | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/ht.awk b/ht.awk
index a03c8be..a2189ec 100755
--- a/ht.awk
+++ b/ht.awk
@@ -45,7 +45,7 @@ $0 ~ CONFIG["raw_delim"] {
 }
 
 RAW {
-	bufpush($0)
+	bufpush(html_escape($0))
 	next
 }
 
@@ -70,10 +70,7 @@ $0 ~ ("^" COMMENT_DELIM) {
 	} else {
 		sep = "\n"
 	}
-	# Sanitize HTML
-	gsub(/&/, "\\\\\\&", $0)
-	gsub(/</, "\\\\\\&lt;", $0)
-	gsub(/>/, "\\\\\\&gt;", $0)
+	$0 = html_escape($0)
 	# Loop through BLOCK_TYPES
 	for (bt in BLOCK_TYPES) {
 		if (match($0, "^" bt "[ \t]*")) {
@@ -258,3 +255,12 @@ function html_end()
 	BUFFER = ""
 	HTML = 0
 }
+
+function html_escape(text)
+{
+	# Sanitize HTML
+	gsub(/&/, "\\\\\\&amp;", text)
+	gsub(/</, "\\\\\\&lt;", text)
+	gsub(/>/, "\\\\\\&gt;", text)
+	return text
+}
-- 
cgit 1.4.1-21-gabe81