From a3cb6e5655308797e8be021d6c7b5bab13cbace2 Mon Sep 17 00:00:00 2001
From: Hsiaoming Yang <me@lepture.com>
Date: Mon, 16 Mar 2026 02:43:48 +0900
Subject: [PATCH] fix: escape html text

---
 src/mistune/directives/admonition.py | 3 ++-
 src/mistune/directives/image.py      | 4 ++--
 src/mistune/renderers/html.py        | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/mistune/directives/admonition.py b/src/mistune/directives/admonition.py
index 0111deb..1435bc6 100644
--- a/src/mistune/directives/admonition.py
+++ b/src/mistune/directives/admonition.py
@@ -1,4 +1,5 @@
 from typing import TYPE_CHECKING, Any, Dict, Match
+from ..util import escape as escape_text
 
 from ._base import BaseDirective, DirectivePlugin
 
@@ -64,7 +65,7 @@ def render_admonition(self: Any, text: str, name: str, **attrs: Any) -> str:
     html = '<section class="admonition ' + name
     _cls = attrs.get("class")
     if _cls:
-        html += " " + _cls
+        html += " " + escape_text(_cls)
     return html + '">\n' + text + "</section>\n"
 
 
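Review bot: The `name` value concatenated into the same `class` attribute on the line above the change (`'<section class="admonition ' + name`) is still inserted unescaped, so the attribute is only partially protected by escaping `_cls`. If the directive name is constrained by the directive-matching regex to safe characters this is fine, but that constraint is not visible here; otherwise it should go through the same helper, `html = '<section class="admonition ' + escape_text(name)`. The fix for `_cls` relies on `escape_text` converting `"` by default, which is what keeps the attribute boundary intact; worth confirming that the aliased `escape` does so. render_admonition's signature is outside the hunk.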
diff --git a/src/mistune/directives/image.py b/src/mistune/directives/image.py
index 2c9a7d8..aaf346a 100644
--- a/src/mistune/directives/image.py
+++ b/src/mistune/directives/image.py
@@ -160,11 +160,11 @@ def render_figure(
     if align:
         _cls += " align-" + align
     if figclass:
-        _cls += " " + figclass
+        _cls += " " + escape_text(figclass)
 
     html = '<figure class="' + _cls + '"'
     if figwidth:
-        html += ' style="width:' + figwidth + '"'
+        html += ' style="width:' + escape_text(figwidth) + '"'
     return html + ">\n" + text + "</figure>\n"
 
 
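Review bot: `align` on the second line of the hunk (`_cls += " align-" + align`) is still concatenated into the `class` attribute unescaped while `figclass` now is, so the attribute remains only partially covered unless `align` is validated upstream, which is not visible here. For `figwidth`, `escape_text` closes the attribute-breaking case but does nothing about the CSS context: any string with `;` still becomes additional style declarations inside `style="width:..."`. A stricter check such as `if figwidth and re.fullmatch(r"\d+(\.\d+)?(px|em|rem|%)?", figwidth):` before emitting the style would be the defensive choice here. This hunk also adds no import for `escape_text`; presumably image.py already imports it, but that should be confirmed. render_figure's signature and the end of its parameter list are outside the hunk.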
diff --git a/src/mistune/renderers/html.py b/src/mistune/renderers/html.py
index 0f8d41d..41e2c19 100644
--- a/src/mistune/renderers/html.py
+++ b/src/mistune/renderers/html.py
@@ -138,7 +138,7 @@ def block_html(self, html: str) -> str:
         return html + "\n"
 
     def block_error(self, text: str) -> str:
-        return '<div class="error"><pre>' + text + "</pre></div>\n"
+        return '<div class="error"><pre>' + escape_text(text) + "</pre></div>\n"
 
     def list(self, text: str, ordered: bool, **attrs: Any) -> str:
         if ordered:
