HTML escape embded html to fix mermaid rendering

docsifyjs · mgranell · May 27, 2021 · Jun 4, 2021 · Jul 22, 2021 · Aug 2, 2021
commit 07d6d85170b41eeed24c7394eb63a45950f28bd8
diff --git a/src/core/render/embed.js b/src/core/render/embed.js
@@ -63,7 +63,13 @@ function walkFetchEmbed({ embedTokens, compile, fetch }, cb) {
             );
           } else if (token.embed.type === 'mermaid') {
             embedToken = [
-              { type: 'html', text: `<div class="mermaid">\n${text}\n</div>` },
+              {
+                type: 'html',
+                text: `<div class="mermaid">\n${text
+                  .replace(/&/g, '&amp;')
+                  .replace(/</g, '&lt;')
+                  .replace(/"/g, '&quot;')}\n</div>`,
+              },
             ];
             embedToken.links = {};
           } else {