From 14d73dab866c2ea2f673d4c9f1e0025a3965f7f5 Mon Sep 17 00:00:00 2001
From: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Date: Thu, 18 Dec 2025 12:38:05 +0100
Subject: [PATCH] site(gordon): escape HTML in markdown text to preserve angle
 brackets

Configure marked.js to escape HTML entities in text tokens while
preserving code blocks. This allows angle brackets like <target-name>
to display correctly in regular text without being interpreted as HTML
tags, while keeping code examples intact.

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
---
 assets/js/src/alpine.js | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/assets/js/src/alpine.js b/assets/js/src/alpine.js
index d023fb11d5..f9d2ec796a 100644
--- a/assets/js/src/alpine.js
+++ b/assets/js/src/alpine.js
@@ -35,6 +35,22 @@ hljs.registerLanguage('py', python)
 hljs.registerLanguage('go', go)
 hljs.registerLanguage('golang', go)
 
+// Configure marked to escape HTML in text tokens only (not code blocks)
+marked.use({
+  walkTokens(token) {
+    // Escape HTML in text and HTML tokens, preserve code blocks
+    if (token.type === 'text' || token.type === 'html') {
+      const text = token.text || token.raw
+      const escaped = text
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+      if (token.text) token.text = escaped
+      if (token.raw) token.raw = escaped
+    }
+  }
+})
+
 // Add $markdown magic for rendering markdown with syntax highlighting
 Alpine.magic('markdown', () => {
   return (content) => {