escape potential html in gemini content

fix rogue newline after pre tag

README.md

@@ -84,7 +84,7 @@ Currently approaching a v1 release 🎉 Would you like to help test the RC? _You
 Install the binary via npm.
 
 ```sh
-npm install --global gmi-web-cli@1.0.2-rc.1
+npm install --global gmi-web-cli@1.0.3-rc.1
 ```
 
 Render .html for all the .gmi files in the current directory

gmi-web.1.scd

@@ -1,4 +1,4 @@
-gmi-web(1) "1.0.2-rc.1"
+gmi-web(1) "1.0.3-rc.1"
 
 # NAME
 

gmi.css.5.scd

@@ -1,4 +1,4 @@
-gmi.css(5) "1.0.2-rc.1"
+gmi.css(5) "1.0.3-rc.1"
 
 # NAME
 

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "gmi-web-cli",
-  "version": "1.0.0-rc.1",
+  "version": "1.0.2-rc.1",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -212,6 +212,11 @@
       "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz",
       "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw=="
     },
+    "escape-html": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+      "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg="
+    },
     "extend": {
       "version": "3.0.2",
       "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "gmi-web-cli",
-  "version": "1.0.2-rc.1",
+  "version": "1.0.3-rc.1",
   "description": "A bridge between HTML and Gemini",
   "main": "cli.js",
   "bin": {
@@ -25,6 +25,7 @@
     "clean": "make clean"
   },
   "dependencies": {
+    "escape-html": "^1.0.3",
     "map-stream": "0.0.7",
     "vinyl-fs": "^3.0.3",
     "yargs": "^16.2.0"

to-html.js

@@ -1,5 +1,6 @@
 const fs = require("fs");
 const path = require("path");
+const escape = require("escape-html");
 
 const TOKENS_EXT = /\.tokens\.json$/;
 // https://developer.mozilla.org/en-US/docs/Web/Media/Formats
@@ -65,14 +66,15 @@ function gemtext(tokens, options) {
       body.push("</pre>");
       tokens = tokens.slice(closing + 1);
     }
-    if (cursor.li) {
+    else if (cursor.li) {
       body.push(`<ul>`);
       const closing = tokens.findIndex((token) => !token.li);
       body = body.concat(tokens.slice(0, closing).map(line));
       body.push("</ul>");
       tokens = tokens.slice(closing + 1);
-    }
+    } else {
       body.push(line(cursor, options));
+    }
     cursor = tokens.shift();
   }
 
@@ -83,7 +85,7 @@ function line(
   { text, href, title, pre, alt, h1, h2, h3, li, quote },
   { images, audio, video }
 ) {
-  if (text) return `<p>${text}</p>`;
+  if (text) return `<p>${escape(text)}</p>`;
   if (href) {
     if (images && IMG_EXT.test(href))
       return `<img src="${href}" title="${title}"/>`;
@@ -92,13 +94,13 @@ function line(
     if (video && VIDEO_EXT.test(href))
       return `<video controls src="${href}" title="${title}"/></video>`;
 
-    return `<a href="${href}">${title || href}</a>`;
+    return `<a href="${href}">${escape(title) || href}</a>`;
   }
-  if (h1) return `<h1>${h1}</h1>`;
-  if (h2) return `<h2>${h2}</h2>`;
-  if (h3) return `<h3>${h3}</h3>`;
-  if (li) return `<li>${li}</li>`;
-  if (quote) return `<blockquote>${quote}</blockquote>`;
+  if (h1) return `<h1>${escape(h1)}</h1>`;
+  if (h2) return `<h2>${escape(h2)}</h2>`;
+  if (h3) return `<h3>${escape(h3)}</h3>`;
+  if (li) return `<li>${escape(li)}</li>`;
+  if (quote) return `<blockquote>${escape(quote)}</blockquote>`;
   return `<p><br></p>`;
 }