From edd773c2fc9b6039fe4a85ef31fa5756fdc3db2c Mon Sep 17 00:00:00 2001
From: Ryan Stafford
Date: Fri, 10 May 2024 12:49:06 -0400
Subject: [PATCH] escape html tags in markdown instead of removing them
---
 routes.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/routes.go b/routes.go
index 875f814..159d683 100644
--- a/routes.go
+++ b/routes.go
@@ -7,6 +7,7 @@ import (
  "encoding/json"
  "errors"
  "fmt"
+ "html"
  "html/template"
  "io"
  "net/http"
@@ -154,6 +155,8 @@ var funcMap = template.FuncMap{
  body = re.ReplaceAllString(body, "\n***\n")
  // community bangs
  body = RegReplace(body, `([^\[])!([a-zA-Z0-9_]+)@([a-zA-Z0-9\-]+(\.[a-zA-Z0-9\-]+)+)`, `$1[!$2@$3](/c/$2@$3)`)
+ // escape HTML tags
+ body = html.EscapeString(body)
  if err := md.Convert([]byte(body), &buf); err != nil {
  fmt.Println(err)
  return template.HTML(body)
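Review bot: `body = html.EscapeString(body)` in the second hunk escapes the Markdown source before `md.Convert`, so it also rewrites characters that are Markdown syntax. A leading `>` no longer opens a blockquote, `<https://…>` autolinks stop being links, and text inside code spans will likely show literal `&lt;`/`&amp;` because the renderer escapes it a second time. It also only neutralises tags: link and image destinations pass through unchanged, so whether unsafe URL schemes are rejected still depends on how `md` is configured, which is not visible in this hunk. Consider handling this on the output side instead (keep raw-HTML rendering disabled in the renderer, or sanitize `buf` after conversion) and escaping only on the error fallback, `return template.HTML(html.EscapeString(body))`. If the escape stays where it is, a comment such as `// must run before the error return below: that path emits body as template.HTML` would record the dependency; the enclosing funcMap closure starts and ends outside the hunk.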