Security: put backslash-escaped characters through HTML escaping

[cgilite] / markdown.awk

diff --git a/markdown.awk b/markdown.awk
index 7d7e0a5f56d5e70b7e0be4d1d104164a5718b13b..af3d7224657418caa809b5fa6223ce3cc1411224 100755 (executable)
--- a/markdown.awk
+++ b/markdown.awk
@@ -115,8 +115,8 @@ function inline( line, LOCAL, len, code, href, guard ) {
     return "";
 
   # omit processing of escaped characters
-  } else if ( line ~ /^\\[]\\`\*_\{\}\(\)#\+-\.![]/) {
-    return substr(line, 2, 1) inline( substr(line, 3) );
+  } else if ( line ~ /^\\./) {
+    return HTML(substr(line, 2, 1)) inline( substr(line, 3) );
 
   # hard brakes
   } else if ( match(line, /^  \n/) ) {