bug-fix: escape HTML meta characters in title

src/resources/marked.js

@@ -5,12 +5,13 @@ var nameCounter = 0;
 renderer.heading = function(text, level) {
     // Use number to avoid issues with Chinese
     var escapedText = 'toc_' + nameCounter++;
+    var textHtml = escapeHtml(text);
     toc.push({
         level: level,
         anchor: escapedText,
-        title: text
+        title: textHtml
     });
-    return '<h' + level + ' id="' + escapedText + '">' + text + '</h' + level + '>';
+    return '<h' + level + ' id="' + escapedText + '">' + textHtml + '</h' + level + '>';
 };
 
 // Highlight.js to highlight code block

src/resources/showdown.js

@@ -23,7 +23,7 @@ var parseHeadings = function(html) {
         toc.push({
             level: level,
             anchor: ele.id,
-            title: ele.innerHTML
+            title: escapeHtml(ele.textContent)
         });
     }
 

src/resources/themes/v_moonlight/v_moonlight.css

@@ -89,7 +89,6 @@ pre {
 
 code {
     font-family: Consolas, Monaco, Monospace, Courier;
-    font-size: 16px;
     color: #98C379;
     word-break: break-all;
 }

src/resources/themes/v_native/v_native.css

@@ -89,7 +89,6 @@ pre {
 
 code {
     font-family: Consolas, Monaco, Monospace, Courier;
-    font-size: 16px;
     color: #8E24AA;
     word-break: break-all;
 }

src/resources/themes/v_pure/v_pure.css

@@ -90,7 +90,6 @@ pre {
 
 code {
     font-family: Consolas, Monaco, Monospace, Courier;
-    font-size: 16px;
     color: #8E24AA;
     word-break: break-all;
 }