From d95ef309ca30179c4efdc8ec5a89b4e4e28ed8cb Mon Sep 17 00:00:00 2001
From: Lim Chee Aun <cheeaun@gmail.com>
Date: Mon, 8 May 2023 12:08:26 +0800
Subject: [PATCH] Quick fix html escaping bug

---
 src/utils/enhance-content.js | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/utils/enhance-content.js b/src/utils/enhance-content.js
index bf0ef916..c91c6328 100644
--- a/src/utils/enhance-content.js
+++ b/src/utils/enhance-content.js
@@ -41,7 +41,10 @@ function enhanceContent(content, opts = {}) {
   // Convert :shortcode: to <img />
   let textNodes = extractTextNodes(dom);
   textNodes.forEach((node) => {
-    let html = node.nodeValue.replace(/</g, '&lt;').replace(/>/g, '&gt;');
+    let html = node.nodeValue
+      .replace(/&/g, '&amp;')
+      .replace(/</g, '&lt;')
+      .replace(/>/g, '&gt;');
     if (emojis) {
       html = emojifyText(html, emojis);
     }
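Review bot: The three-step escape chain added in this `textNodes.forEach` callback is repeated verbatim in the two later hunks (the `code` pass and the `@twitter.com` pass), so the security-relevant escaping still has to be kept in sync by hand in three places. A single module-level helper such as `const escapeHTML = (s) => s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');`, called as `let html = escapeHTML(node.nodeValue);` at each site, would give one place to fix or extend. The helper should carry a comment that `&` must be replaced first, otherwise the `&` of the generated `&lt;` and `&gt;` would be escaped a second time. `enhanceContent` begins and ends outside this hunk, so how `html` is written back into the DOM is not visible here.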
@@ -106,7 +109,10 @@ function enhanceContent(content, opts = {}) {
   // Convert `code` to <code>code</code>
   textNodes = extractTextNodes(dom);
   textNodes.forEach((node) => {
-    let html = node.nodeValue.replace(/</g, '&lt;').replace(/>/g, '&gt;');
+    let html = node.nodeValue
+      .replace(/&/g, '&amp;')
+      .replace(/</g, '&lt;')
+      .replace(/>/g, '&gt;');
     if (/`[^`]+`/g.test(html)) {
       html = html.replaceAll(/(`[^]+?`)/g, '<code>$1</code>');
     }
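Review bot: The guard and the replacement in this pass use different patterns: the test requires non-backtick characters between the backticks (``[^`]+``), while the `replaceAll` pattern uses `[^]+?`, which also accepts a backtick as the first inner character. For text with two consecutive backticks, the wrapped span can therefore start one backtick earlier than the span the guard matched. Using the same class in both places, ``html.replaceAll(/(`[^`]+`)/g, '<code>$1</code>')``, keeps them aligned and still matches across newlines. Because the patterns now run on escaped text, a test case for text containing `&`, `<` and `>` between backticks would pin the behaviour this commit intends.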
@@ -122,7 +128,10 @@ function enhanceContent(content, opts = {}) {
     rejectFilter: ['A'],
   });
   textNodes.forEach((node) => {
-    let html = node.nodeValue.replace(/</g, '&lt;').replace(/>/g, '&gt;');
+    let html = node.nodeValue
+      .replace(/&/g, '&amp;')
+      .replace(/</g, '&lt;')
+      .replace(/>/g, '&gt;');
     if (/@[a-zA-Z0-9_]+@twitter\.com/g.test(html)) {
       html = html.replaceAll(
         /(@([a-zA-Z0-9_]+)@twitter\.com)/g,
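Review bot: The escaping added at the top of this callback covers `&`, `<` and `>` only, which is enough for element content but not for text placed inside a quoted attribute value, since `"` and `'` pass through unchanged. The replacement string for this `replaceAll` lies outside the hunk. The capture here is limited to `[a-zA-Z0-9_]+`, so this site looks safe if only that group reaches an attribute, but this should be confirmed against the full function. A short comment on the escape would document the limit, for example `// Escapes for element-content context only; do not interpolate the result into attribute values`. If a later pass needs attribute interpolation, the escape should also map `"` to `&quot;` and `'` to `&#39;`.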