From 18e0da8baae8db3d197fb2162ebeb39aab32eec9 Mon Sep 17 00:00:00 2001
From: Andrew Dupont <github@andrewdupont.net>
Date: Sun, 21 Apr 2024 11:36:06 -0700
Subject: [PATCH] Fix `atom.ui.markdown` issue with rendering of HTML in code
 blocks

---
 spec/ui-spec.js | 21 +++++++++++++++++++++
 src/ui.js       |  4 ++--
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/spec/ui-spec.js b/spec/ui-spec.js
index 8ad5e0e66..26dda6081 100644
--- a/spec/ui-spec.js
+++ b/spec/ui-spec.js
@@ -1,3 +1,4 @@
+const dedent = require('dedent');
 
 describe("Renders Markdown", () => {
   describe("properly when given no opts", () => {
@@ -7,6 +8,26 @@ describe("Renders Markdown", () => {
     });
   });
 
+  it(`escapes HTML in code blocks properly`, () => {
+    let input = dedent`
+    Lorem ipsum dolor.
+
+    \`\`\`html
+    <p>sit amet</p>
+    \`\`\`
+    `
+
+    let expected = dedent`
+    <p>Lorem ipsum dolor.</p>
+    <pre><code class="language-html">&lt;p&gt;sit amet&lt;/p&gt;
+    </code></pre>
+    `
+
+    expect(
+      atom.ui.markdown.render(input).trim()
+    ).toBe(expected);
+  })
+
   describe("transforms links correctly", () => {
     it("makes no changes to a fqdn link", () => {
       expect(atom.ui.markdown.render("[Hello World](https://github.com)"))
diff --git a/src/ui.js b/src/ui.js
index 2a4662c44..66d208209 100644
--- a/src/ui.js
+++ b/src/ui.js
@@ -249,8 +249,8 @@ function renderMarkdown(content, givenOpts = {}) {
 
   // Here we can add some simple additions that make code highlighting possible later on,
   // but doesn't actually preform any code highlighting.
-  md.options.highlight = function(str, lang) {
-    return `<pre><code class="language-${lang}">${str}</code></pre>`;
+  md.options.highlight = function (str, lang) {
+    return `<pre><code class="language-${lang}">${md.utils.escapeHtml(str)}</code></pre>`;
   };
 
   // Process disables