From e3dd191d54a0a4adfb906af4b12e5fdc4627a2d3 Mon Sep 17 00:00:00 2001
From: Douglas Christopher Wilson
Date: Mon, 23 May 2016 23:00:43 -0400
Subject: [PATCH] examples: escape HTML in markdown example
---
 examples/markdown/index.js | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/examples/markdown/index.js b/examples/markdown/index.js
index db2f16fb48..430628701f 100644
--- a/examples/markdown/index.js
+++ b/examples/markdown/index.js
@@ -2,9 +2,10 @@
 * Module dependencies.
 */
+var escapeHtml = require('escape-html');
 var express = require('../..');
 var fs = require('fs');
-var md = require('marked').parse;
+var marked = require('marked');
 var app = module.exports = express();
@@ -13,15 +14,10 @@ var app = module.exports = express();
 app.engine('md', function(path, options, fn){
 fs.readFile(path, 'utf8', function(err, str){
 if (err) return fn(err);
- try {
- var html = md(str);
- html = html.replace(/\{([^}]+)\}/g, function(_, name){
- return options[name] || '';
- });
- fn(null, html);
- } catch(err) {
- fn(err);
- }
+ var html = marked.parse(str).replace(/\{([^}]+)\}/g, function(_, name){
+ return escapeHtml(options[name] || '');
+ });
+ fn(null, html);
 });
 });
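Review bot: Removing the try/catch in the second hunk leaves `marked.parse(str)` and the replace callback unguarded inside the `fs.readFile` callback, so if either throws, the error never reaches `fn` and surfaces as an uncaught exception rather than a render error. I would keep a guard around the rendering only and call `fn(null, html)` outside it, so that a throwing callback is not invoked a second time from the catch. Separately, `escapeHtml` makes the substituted values safe as element text; assuming it is plain entity escaping, it would not neutralise a value that a template places into a link target, so a short comment that `{name}` placeholders belong in text positions would help readers who copy this example.

```javascript
    if (err) return fn(err);
    var html;
    try {
      html = marked.parse(str).replace(/\{([^}]+)\}/g, function(_, name){
        return escapeHtml(options[name] || '');
      });
    } catch (e) {
      return fn(e);
    }
    fn(null, html);
```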