From 4f9aa69626916e8ba8350779c7ae2d8f1056150a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Sat, 3 Jun 2023 17:24:08 +0200
Subject: [PATCH] Fix HTML rendering escaping.

---
 muppet/data/html.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/muppet/data/html.py b/muppet/data/html.py
index e165dcf..1b155fe 100644
--- a/muppet/data/html.py
+++ b/muppet/data/html.py
@@ -10,6 +10,7 @@ from . import (
     render,
 )
 from collections.abc import Sequence
+import html
 
 
 class HTMLRenderer(Renderer):
@@ -68,5 +69,5 @@ class HTMLRenderer(Renderer):
         return ' ' * ind.depth * 2
 
     def render_str(self, s: str) -> str:
-        """Return the given string verbatim."""
-        return s
+        """HTML escape and return the given string."""
+        return html.escape(s)
-- 
GitLab