From 5bd7c6ccca62f20a7743632179b1d09db1fad46f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Commaille?= <zecakeh@tedomum.fr>
Date: Tue, 3 Oct 2023 10:28:20 +0200
Subject: [PATCH] message-row: HTML escape values of HTML tag attributes

---
 src/utils/matrix.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/utils/matrix.rs b/src/utils/matrix.rs
index cd18dfa0..91d69334 100644
--- a/src/utils/matrix.rs
+++ b/src/utils/matrix.rs
@@ -319,7 +319,7 @@ pub fn extract_mentions(s: &str, room: &Room) -> (String, Vec<(Pill, String)>) {
                         new_string,
                         r#" {}="{}""#,
                         String::from_utf8_lossy(attr_name),
-                        String::from_utf8_lossy(attr_value),
+                        html_escape(&String::from_utf8_lossy(attr_value)),
                     )
                     .unwrap();
                 }