From 628929d8cbd7e2d59dd324f083fddd520c1c6c4d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Paul=20H=C3=A4nsch?= <paul@plutz.net>
Date: Mon, 12 Jun 2023 17:41:31 +0200
Subject: [PATCH] Security: put backslash-escaped characters through HTML
 escaping

---
 markdown.awk | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/markdown.awk b/markdown.awk
index 7d7e0a5..af3d722 100755
--- a/markdown.awk
+++ b/markdown.awk
@@ -115,8 +115,8 @@ function inline( line, LOCAL, len, code, href, guard ) {
     return "";
 
   # omit processing of escaped characters
-  } else if ( line ~ /^\\[]\\`\*_\{\}\(\)#\+-\.![]/) {
-    return substr(line, 2, 1) inline( substr(line, 3) );
+  } else if ( line ~ /^\\./) {
+    return HTML(substr(line, 2, 1)) inline( substr(line, 3) );
 
   # hard brakes
   } else if ( match(line, /^  \n/) ) {
-- 
2.39.2