Enable html_escape for code blocks highlighted in markdown

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-02-27 09:38:11 +0200
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-02-27 09:38:11 +0200
commit: 4d896a2b8679eca3777b9d11b91cdd9d1dd72b0e (patch)
tree: c2d8b569d653d7b15f4dc61e5c36e193ea3f0d41 /lib/redcarpet
parent: fd3ab6955f85142c6694ddea7aeb8335a2f08275 (diff)
download: gitlab-ce-4d896a2b8679eca3777b9d11b91cdd9d1dd72b0e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/redcarpet/render/gitlab_html.rb b/lib/redcarpet/render/gitlab_html.rb
index 42f6316910a..0fe2f48b322 100644
--- a/lib/redcarpet/render/gitlab_html.rb
+++ b/lib/redcarpet/render/gitlab_html.rb
@@ -24,7 +24,7 @@ class Redcarpet::Render::GitlabHTML < Redcarpet::Render::HTML
 
 <div class="highlighted-data #{h.user_color_scheme_class}">
   <div class="highlight">
-    <pre><code class="#{language}">#{code}</code></pre>
+    <pre><code class="#{language}">#{h.html_escape(code)}</code></pre>
   </div>
 </div>
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-02-27 09:38:11 +0200
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-02-27 09:38:11 +0200
commit	4d896a2b8679eca3777b9d11b91cdd9d1dd72b0e (patch)
tree	c2d8b569d653d7b15f4dc61e5c36e193ea3f0d41 /lib/redcarpet
parent	fd3ab6955f85142c6694ddea7aeb8335a2f08275 (diff)
download	gitlab-ce-4d896a2b8679eca3777b9d11b91cdd9d1dd72b0e.tar.gz