Escape HTML special characters

mcecode · mcecode · commit 4289f94d212c · 2025-08-29T11:13:04.000+08:00
diff --git a/generator.go b/generator.go
@@ -59,6 +59,14 @@ func ToGemtextFile(name string, asl ASL, perm os.FileMode) error {
 	return os.WriteFile(name, []byte(ToGemtext(asl)), perm)
 }
 
+var escaper = strings.NewReplacer(
+	"&", "&amp;",
+	`"`, "&quot;",
+	"'", "&apos;",
+	"<", "&lt;",
+	">", "&gt;",
+)
+
 // ToHTML turns asl into HTML.
 func ToHTML(asl ASL) string {
 	// Possible improvement for later:
@@ -77,29 +85,30 @@ func ToHTML(asl ASL) string {
 			b.WriteString("</ul>\n")
 		}
 
+		text := escaper.Replace(e.Text())
 		switch e.Type() {
 
 		case ElementTypes.Text():
 			if isPreformattedMode {
-				b.WriteString(e.Text())
+				b.WriteString(text)
 				break
 			}
-			if e.Text() == "" {
+			if text == "" {
 				b.WriteString("<br />")
 			} else {
 				b.WriteString("<p>")
-				b.WriteString(e.Text())
+				b.WriteString(text)
 				b.WriteString("</p>")
 			}
 
 		case ElementTypes.Link():
-			b.WriteString("<p><a href=\"")
+			b.WriteString(`<p><a href="`)
 			b.WriteString(e.URL())
-			b.WriteString("\">")
-			if e.Text() == "" {
-				b.WriteString(e.URL())
+			b.WriteString(`">`)
+			if text == "" {
+				b.WriteString(escaper.Replace(e.URL()))
 			} else {
-				b.WriteString(e.Text())
+				b.WriteString(text)
 			}
 			b.WriteString("</a></p>")
 
@@ -118,20 +127,20 @@ func ToHTML(asl ASL) string {
 				close = "</h3>"
 			}
 			b.WriteString(open)
-			b.WriteString(e.Text())
+			b.WriteString(text)
 			b.WriteString(close)
 
 		case ElementTypes.List():
 			if prev.Type() != ElementTypes.List() {
 				b.WriteString("<ul>\n")
 			}
 			b.WriteString("<li>")
-			b.WriteString(e.Text())
+			b.WriteString(text)
 			b.WriteString("</li>")
 
 		case ElementTypes.Quote():
 			b.WriteString("<blockquote><p>")
-			b.WriteString(e.Text())
+			b.WriteString(text)
 			b.WriteString("</p></blockquote>")
 
 		case ElementTypes.PreformatToggle():
@@ -142,16 +151,16 @@ func ToHTML(asl ASL) string {
 					b.WriteString("</figure>")
 				}
 			} else {
-				if e.Text() != "" {
+				if text != "" {
 					b.WriteString("<figure><figcaption>")
-					b.WriteString(e.Text())
+					b.WriteString(text)
 					b.WriteString("</figcaption>")
 				}
 
 				b.WriteString("<pre>")
 			}
 			isPreformattedMode = !isPreformattedMode
-			preformatHasAltText = e.Text() != ""
+			preformatHasAltText = text != ""
 
 		}
 
diff --git a/testdata/input.gmi b/testdata/input.gmi
@@ -11,6 +11,10 @@ Random:
 $%^&(*^&)
 😂🥖🏴‍☠️
 
+HTML:
+<h1>Title & Heading</h1>
+<p class="quoted">'quotes'</p>
+
 Should remain as text and keep leading whitespace:
   space indented text
 	tab indented text
@@ -33,6 +37,7 @@ Link
 
 =>
 => gemini://example.org/
+=> gemini://example.org:1234/a?b=c&d=e#f
 => gemini://example.org Name
 =>gemini://example.org/some%20page	User friendly link name
 => path/to/some.txt		 Relative link
diff --git a/testdata/output.gmi b/testdata/output.gmi
@@ -11,6 +11,10 @@ Random:
 $%^&(*^&)
 😂🥖🏴‍☠️
 
+HTML:
+<h1>Title & Heading</h1>
+<p class="quoted">'quotes'</p>
+
 Should remain as text and keep leading whitespace:
   space indented text
 	tab indented text
@@ -33,6 +37,7 @@ Link
 
 =>
 => gemini://example.org/
+=> gemini://example.org:1234/a?b=c&d=e#f
 => gemini://example.org Name
 => gemini://example.org/some%20page User friendly link name
 => path/to/some.txt Relative link
diff --git a/testdata/output.html b/testdata/output.html
@@ -8,19 +8,23 @@
 <br />
 <p>Random:</p>
 <p>123 456 789</p>
-<p>$%^&(*^&)</p>
+<p>$%^&amp;(*^&amp;)</p>
 <p>😂🥖🏴‍☠️</p>
 <br />
+<p>HTML:</p>
+<p>&lt;h1&gt;Title &amp; Heading&lt;/h1&gt;</p>
+<p>&lt;p class=&quot;quoted&quot;&gt;&apos;quotes&apos;&lt;/p&gt;</p>
+<br />
 <p>Should remain as text and keep leading whitespace:</p>
 <p>  space indented text</p>
 <p>	tab indented text</p>
-<p> => Not a link because of the leading space</p>
-<p>= Still not a link because it's missing ></p>
+<p> =&gt; Not a link because of the leading space</p>
+<p>= Still not a link because it&apos;s missing &gt;</p>
 <p>    ## Not a heading because of the leading spaces</p>
 <p>	* Not a list because of the leading tab</p>
-<p>  	> Not a quote because of the leading spaces and tab</p>
+<p>  	&gt; Not a quote because of the leading spaces and tab</p>
 <p>	  ``` Not preformat toggle because of the leading tab and spaces</p>
-<p>``Still not preformat toggle because it's missing a `</p>
+<p>``Still not preformat toggle because it&apos;s missing a `</p>
 <br />
 <p>Multiple empty lines:</p>
 <br />
@@ -33,6 +37,7 @@
 <br />
 <p><a href=""></a></p>
 <p><a href="gemini://example.org/">gemini://example.org/</a></p>
+<p><a href="gemini://example.org:1234/a?b=c&d=e#f">gemini://example.org:1234/a?b=c&amp;d=e#f</a></p>
 <p><a href="gemini://example.org">Name</a></p>
 <p><a href="gemini://example.org/some%20page">User friendly link name</a></p>
 <p><a href="path/to/some.txt">Relative link</a></p>
@@ -80,13 +85,13 @@ <h3>#Still level 3</h3>
 <li>To test if it toggles correctly</li>
 </ul>
 <figure><figcaption>Interpreted as text because inside a preformatted block</figcaption><pre>
-=>gemini://example.org Name
+=&gt;gemini://example.org Name
 
 
 
 #Level 1
 *Some
->“A quote by a wise person.” ― Anonymous
+&gt;“A quote by a wise person.” ― Anonymous
 </pre></figure>
 <br />
 <figure><figcaption>ASCII art from https://www.asciiart.eu/computers/linux</figcaption><pre>
@@ -101,15 +106,15 @@ <h3>#Still level 3</h3>
    fZP            SMMb
    HZM            MMMM
    FqM            MMMM
- __| ".        |\dS"qML
- |    `.       | `' \Zq
-_)      \.___.,|     .'
-\____   )MMMMMP|   .'
-     `-'       `--' hjm
+ __| &quot;.        |\dS&quot;qML
+ |    `.       | `&apos; \Zq
+_)      \.___.,|     .&apos;
+\____   )MMMMMP|   .&apos;
+     `-&apos;       `--&apos; hjm
 </pre></figure>
 <figure><figcaption>js</figcaption><pre>
 function main() {
-  console.log("Hello World!");
+  console.log(&quot;Hello World!&quot;);
 }
 
 main();
diff --git a/testdata/parsed_input.dump b/testdata/parsed_input.dump
@@ -39,6 +39,18 @@ ASL{
     Text{
       text: "",
     },
+    Text{
+      text: "HTML:",
+    },
+    Text{
+      text: "<h1>Title & Heading</h1>",
+    },
+    Text{
+      text: "<p class=\"quoted\">'quotes'</p>",
+    },
+    Text{
+      text: "",
+    },
     Text{
       text: "Should remain as text and keep leading whitespace:",
     },
@@ -107,6 +119,10 @@ ASL{
       text: "",
       url: "gemini://example.org/",
     },
+    Link{
+      text: "",
+      url: "gemini://example.org:1234/a?b=c&d=e#f",
+    },
     Link{
       text: "Name",
       url: "gemini://example.org",
