From 0ca968064291118e39d100cd063cc13e8d1f3c18 Mon Sep 17 00:00:00 2001
From: arne314 <73391160+arne314@users.noreply.github.com>
Date: Tue, 6 May 2025 19:03:50 +0200
Subject: [PATCH] fix(anki): escape html

---
 src/anki/flashcard.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/anki/flashcard.py b/src/anki/flashcard.py
index 5ee2125..26b3029 100644
--- a/src/anki/flashcard.py
+++ b/src/anki/flashcard.py
@@ -1,3 +1,5 @@
+import html
+
 import tree_sitter
 
 from .file_handler import FileHandler
@@ -48,7 +50,9 @@ class Flashcard:
         return f"#flashcard({self.note_id})[{self.front if front else ''}][{self.back if not front else ''}]"
 
     def as_html(self, front: bool) -> str:
-        prefix = f"<p hidden>{self.front}: {self.back}{' ' * 10}</p>"  # indexable via anki search
+        safe_front = html.escape(self.front)
+        safe_back = html.escape(self.back)
+        prefix = f"<p hidden>{safe_front}: {safe_back}{' ' * 10}</p>"  # indexable via anki search
         image = f'<img src="{self.svg_filename(front)}" />'
         return prefix + image