From 78def546458d2ccb95349a9f28a8b4854813152c Mon Sep 17 00:00:00 2001
From: Alvie Rahman <alvierahman90@gmail.com>
Date: Sun, 22 Aug 2021 21:47:54 +0100
Subject: [PATCH] escape html < and > chars

---
 notes2web.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/notes2web.py b/notes2web.py
index 0d6dae0..176e52d 100755
--- a/notes2web.py
+++ b/notes2web.py
@@ -211,7 +211,7 @@ def main(args):
         html = re.sub(r'\$raw\$', os.path.basename(filename), html)
         html = html.replace('$filehistory$', filehistory)
         with open(filename) as fp:
-            html += fp.read()
+            html += fp.read().replace("<", "&lt;").replace(">", "&gt;")
         html += TEXT_ARTICLE_TEMPLATE_FOOT
 
         with open(output_filename, 'w+') as fp: