Escape HTML in href attribute
- src/lib/utils/marked.ts +2 -2
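--- a/src/lib/utils/marked.ts
+++ b/src/lib/utils/marked.ts
@@ -194,7 +194,7 @@ function addInlineCitations(md: string, webSearchSources: SimpleSource[] = []):
 if (index === 0) return false;
 const source = webSearchSources[index - 1];
 if (source) {
-return `<a href="${source.link}" target="_blank" rel="noreferrer" style="${linkStyle}">${index}</a>`;
+return `<a href="${escapeHTML(source.link)}" target="_blank" rel="noreferrer" style="${linkStyle}">${index}</a>`;
 }
 return "";
 })
@@ -235,7 +235,7 @@ function createMarkedInstance(sources: SimpleSource[]): Marked {
 link: (href, title, text) => {
 const safeHref = sanitizeHref(href);
 return safeHref
-? `<a href="${safeHref}" target="_blank" rel="noreferrer">${text}</a>`
+? `<a href="${escapeHTML(safeHref)}" target="_blank" rel="noreferrer">${text}</a>`
 : `<span>${escapeHTML(text ?? "")}</span>`;
 },
 html: (html) => escapeHTML(html),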
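Review bot: In the first hunk (addInlineCitations), `escapeHTML(source.link)` stops the value from breaking out of the `href` attribute, but it does not constrain the URL scheme, and unlike the `link` renderer in the second hunk this path never calls `sanitizeHref`. Web-search source links are external data, so unless they are validated upstream (not visible here) a non-http(s) scheme such as `javascript:` would still produce a clickable citation. I would route it through the same helper, e.g. `const safeHref = sanitizeHref(source.link);`, and return the anchor with `escapeHTML(safeHref)` only when `safeHref` is truthy, assuming `sanitizeHref` accepts the link's type. Separately, in the second hunk the anchor branch interpolates `${text}` raw while the fallback branch escapes it; a short comment stating that `text` is already-rendered HTML (if that is the case) would make the asymmetry visibly intentional. Both enclosing functions begin and end outside the hunks.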