Fix escaping of HTML special chars (<, >, &) in `.toc_tokens`

Fixes #906.
author: Jim Porter <826865+jimporter@users.noreply.github.com> 2020-02-12 12:28:51 -0800
committer: GitHub <noreply@github.com> 2020-02-12 15:28:51 -0500
commit: 74c0166c6903b07b3b2b9cbba36705d1414cbaf7 (patch)
tree: 50cb58b90d95a5b83f55646a8db2411cf42c1f72 /markdown/extensions
parent: 1de3083d82a5245015f0f0b9471a965916134d6d (diff)
download: python-markdown-74c0166c6903b07b3b2b9cbba36705d1414cbaf7.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/markdown/extensions/toc.py b/markdown/extensions/toc.py
index dc80c7e..8f2b13f 100644
--- a/markdown/extensions/toc.py
+++ b/markdown/extensions/toc.py
@@ -15,7 +15,7 @@ License: [BSD](https://opensource.org/licenses/bsd-license.php)
 
 from . import Extension
 from ..treeprocessors import Treeprocessor
-from ..util import parseBoolValue, AMP_SUBSTITUTE, HTML_PLACEHOLDER_RE
+from ..util import code_escape, parseBoolValue, AMP_SUBSTITUTE, HTML_PLACEHOLDER_RE
 from ..postprocessors import UnescapePostprocessor
 import re
 import unicodedata
@@ -264,7 +264,8 @@ class TocTreeprocessor(Treeprocessor):
                     'level': int(el.tag[-1]),
                     'id': el.attrib["id"],
                     'name': unescape(stashedHTML2text(
-                        el.attrib.get('data-toc-label', text), self.md, strip_entities=False
+                        code_escape(el.attrib.get('data-toc-label', text)),
+                        self.md, strip_entities=False
                     ))
                 })
author	Jim Porter <826865+jimporter@users.noreply.github.com>	2020-02-12 12:28:51 -0800
committer	GitHub <noreply@github.com>	2020-02-12 15:28:51 -0500
commit	74c0166c6903b07b3b2b9cbba36705d1414cbaf7 (patch)
tree	50cb58b90d95a5b83f55646a8db2411cf42c1f72 /markdown/extensions
parent	1de3083d82a5245015f0f0b9471a965916134d6d (diff)
download	python-markdown-74c0166c6903b07b3b2b9cbba36705d1414cbaf7.tar.gz