site(gordon): escape HTML in markdown text to preserve angle brackets

Configure marked.js to escape HTML entities in text tokens while
preserving code blocks. This allows angle brackets like <target-name>
to display correctly in regular text without being interpreted as HTML
tags, while keeping code examples intact.

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>

assets/js/src/alpine.js

@@ -35,6 +35,22 @@ hljs.registerLanguage('py', python)
 hljs.registerLanguage('go', go)
 hljs.registerLanguage('golang', go)
 
+// Configure marked to escape HTML in text tokens only (not code blocks)
+marked.use({
+  walkTokens(token) {
+    // Escape HTML in text and HTML tokens, preserve code blocks
+    if (token.type === 'text' || token.type === 'html') {
+      const text = token.text || token.raw
+      const escaped = text
+        .replace(/&/g, '&')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+      if (token.text) token.text = escaped
+      if (token.raw) token.raw = escaped
+    }
+  }
+})
+
 // Add $markdown magic for rendering markdown with syntax highlighting
 Alpine.magic('markdown', () => {
   return (content) => {