From 8b8e02af4eaa6fd212f1cd8897216299b530855c Mon Sep 17 00:00:00 2001
From: Jack Chakany <jack@chaker.net>
Date: Wed, 7 Feb 2024 17:19:29 -0500
Subject: [PATCH] Prevent xss injection scripts

---
 src/routes/[event]/+page.svelte | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/routes/[event]/+page.svelte b/src/routes/[event]/+page.svelte
index 7eb8c96..63a24fe 100644
--- a/src/routes/[event]/+page.svelte
+++ b/src/routes/[event]/+page.svelte
@@ -106,6 +106,10 @@
 		}
 		return $nostr.postNewEvent(event)
 	}
+
+	function escapeText(text: string): string {
+		return value.toString().replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/'/g, "&#39;").replace(/"/g, "&#34;");
+	}
 </script>
 
 <svelte:head>
@@ -166,7 +170,7 @@
 	{#if data?.tags.find((t) => t[0] === "filename")[1].endsWith(".md")}
 		<SvelteMarkdown source={data.content} />
 	{:else}
-		<HighlightAuto code={data.content} let:highlighted>
+		<HighlightAuto code={(() => escapeText(data.content))()} let:highlighted>
 			<LineNumbers {highlighted} hideBorder wrapLines />
 		</HighlightAuto>
 	{/if}
@@ -180,4 +184,4 @@
 	</div>
 {:catch error}
 	<span>error</span>
-{/await}
\ No newline at end of file
+{/await}