From 04880a004cb28318e5ebd7ee9e63c79fc9f9ed04 Mon Sep 17 00:00:00 2001
From: Hsiaoming Yang <me@lepture.com>
Date: Mon, 6 Apr 2026 21:08:45 +0900
Subject: [PATCH] fix: escape id of toc

---
 src/mistune/toc.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Index: mistune-3.1.3/src/mistune/toc.py
===================================================================
--- mistune-3.1.3.orig/src/mistune/toc.py
+++ mistune-3.1.3/src/mistune/toc.py
@@ -1,7 +1,7 @@
 from typing import TYPE_CHECKING, Any, Callable, Dict, Iterable, List, Optional, Tuple
 
 from .core import BlockState
-from .util import striptags
+from .util import striptags, escape
 
 if TYPE_CHECKING:
     from .markdown import Markdown
@@ -89,7 +89,7 @@ def render_toc_ul(toc: Iterable[Tuple[in
     s = ""
     levels: List[int] = []
     for level, k, text in toc:
-        item = '<a href="#{}">{}</a>'.format(k, text)
+        item = '<a href="#{}">{}</a>'.format(escape(k), text)
         if not levels:
             s += "<li>" + item
             levels.append(level)
Index: mistune-3.1.3/tests/fixtures/fenced_toc.txt
===================================================================
--- mistune-3.1.3.orig/tests/fixtures/fenced_toc.txt
+++ mistune-3.1.3/tests/fixtures/fenced_toc.txt
@@ -52,7 +52,7 @@ none
 .
 <h1>H1</h1>
 <h2>H2</h2>
-<div class="error"><pre>"max-level" option MUST be integer</pre></div>
+<div class="error"><pre>&quot;max-level&quot; option MUST be integer</pre></div>
 ````````````````````````````````
 
 ```````````````````````````````` example
@@ -65,7 +65,7 @@ none
 .
 <h1>H1</h1>
 <h2>H2</h2>
-<div class="error"><pre>"max-level" option MUST be <= 3</pre></div>
+<div class="error"><pre>&quot;max-level&quot; option MUST be &lt;= 3</pre></div>
 ````````````````````````````````
 
 ```````````````````````````````` example
@@ -79,7 +79,7 @@ none
 .
 <h1>H1</h1>
 <h2>H2</h2>
-<div class="error"><pre>"min-level" option MUST be less than "max-level" option</pre></div>
+<div class="error"><pre>&quot;min-level&quot; option MUST be less than &quot;max-level&quot; option</pre></div>
 ````````````````````````````````
 
 ## Complex
Index: mistune-3.1.3/tests/fixtures/rst_toc.txt
===================================================================
--- mistune-3.1.3.orig/tests/fixtures/rst_toc.txt
+++ mistune-3.1.3/tests/fixtures/rst_toc.txt
@@ -50,7 +50,7 @@ none
 .
 <h1>H1</h1>
 <h2>H2</h2>
-<div class="error"><pre>"max-level" option MUST be integer</pre></div>
+<div class="error"><pre>&quot;max-level&quot; option MUST be integer</pre></div>
 ````````````````````````````````
 
 ```````````````````````````````` example
@@ -61,7 +61,7 @@ none
 .
 <h1>H1</h1>
 <h2>H2</h2>
-<div class="error"><pre>"max-level" option MUST be <= 3</pre></div>
+<div class="error"><pre>&quot;max-level&quot; option MUST be &lt;= 3</pre></div>
 ````````````````````````````````
 
 ```````````````````````````````` example
@@ -73,7 +73,7 @@ none
 .
 <h1>H1</h1>
 <h2>H2</h2>
-<div class="error"><pre>"min-level" option MUST be less than "max-level" option</pre></div>
+<div class="error"><pre>&quot;min-level&quot; option MUST be less than &quot;max-level&quot; option</pre></div>
 ````````````````````````````````