Also escape & (in addition to < and >) when html_escape is true

timeout_old
Tassilo Horn 3 years ago
parent 81bafedf36
commit 161a092a75
  1. 4
      src/con.rs

@ -200,7 +200,9 @@ lazy_static! {
fn maybe_html_escape(do_it: bool, text: &str) -> String { fn maybe_html_escape(do_it: bool, text: &str) -> String {
if do_it { if do_it {
text.replace("<", "&lt;").replace(">", "&gt;") text.replace("<", "&lt;")
.replace(">", "&gt;")
.replace("&", "&amp;")
} else { } else {
text.to_string() text.to_string()
} }

Loading…
Cancel
Save