Ensure HTML code is encoded for display in search

dragonstyle · dragonstyle · commit 81a21c451e64 · 2023-02-20T10:23:48.000-05:00
Fixes #4404
diff --git a/src/core/html.ts b/src/core/html.ts
@@ -37,11 +37,15 @@ export function getDecodedAttribute(element: Element, attrib: string) {
   }
 }
 
+const kTagBrackets: Record<string, string> = {
+  "<": "&lt;",
+  ">": "&gt;",
+};
+
 const kAttrReplacements: Record<string, string> = {
   '"': "&quot;",
   "'": "&#039;",
-  "<": "&lt;",
-  ">": "&gt;",
+  ...kTagBrackets,
   "&": "&amp;",
 };
 export function encodeAttributeValue(value: unknown) {
@@ -56,6 +60,13 @@ export function encodeAttributeValue(value: unknown) {
   }
 }
 
+export function encodeHtml(value: string) {
+  Object.keys(kTagBrackets).forEach((key) => {
+    value = value.replaceAll(key, kTagBrackets[key]);
+  });
+  return value;
+}
+
 export function findParent(
   el: Element,
   match: (el: Element) => boolean,
diff --git a/src/project/types/website/website-search.ts b/src/project/types/website/website-search.ts
@@ -51,6 +51,7 @@ import { kLanguageDefaults } from "../../../config/constants.ts";
 import { pathWithForwardSlashes } from "../../../core/path.ts";
 import { isHtmlFileOutput } from "../../../config/format.ts";
 import { projectIsBook } from "../../project-context.ts";
+import { encodeHtml } from "../../../core/html.ts";
 
 // The main search key
 export const kSearch = "search";
@@ -290,7 +291,7 @@ export async function updateSearchIndex(
               href: href,
               title,
               section: "",
-              text: pageText.join("\n"),
+              text: encodeHtml(pageText.join("\n")),
             });
           }
 
@@ -302,14 +303,15 @@ export async function updateSearchIndex(
               const hrefWithAnchor = `${href}#${section.id}`;
               const sectionText = section.textContent.trim();
               h2.remove();
+
               if (sectionText) {
                 // Don't index empty sections
                 updateDoc({
                   objectID: hrefWithAnchor,
                   href: hrefWithAnchor,
                   title,
                   section: sectionTitle,
-                  text: sectionText,
+                  text: encodeHtml(sectionText),
                 });
               }
             }
@@ -325,7 +327,7 @@ export async function updateSearchIndex(
                 href,
                 title,
                 section: "",
-                text: mainText,
+                text: encodeHtml(mainText),
               });
             }
           }
