From: Paul Hänsch <paul@plutz.net>
Date: Mon, 12 Jun 2023 15:41:31 +0000 (+0200)
Subject: Security: put backslash-escaped characters through HTML escaping
X-Git-Url: http://git.plutz.net/?p=cgilite;a=commitdiff_plain;h=628929d8cbd7e2d59dd324f083fddd520c1c6c4d

Security: put backslash-escaped characters through HTML escaping
---

diff --git a/markdown.awk b/markdown.awk
index 7d7e0a5..af3d722 100755
--- a/markdown.awk
+++ b/markdown.awk
@@ -115,8 +115,8 @@ function inline( line, LOCAL, len, code, href, guard ) {
     return "";
 
   # omit processing of escaped characters
-  } else if ( line ~ /^\\[]\\`\*_\{\}\(\)#\+-\.![]/) {
-    return substr(line, 2, 1) inline( substr(line, 3) );
+  } else if ( line ~ /^\\./) {
+    return HTML(substr(line, 2, 1)) inline( substr(line, 3) );
 
   # hard brakes
   } else if ( match(line, /^  \n/) ) {