From aa3a85c7272052a743e6d1d1164484a749cc4079 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Fri, 27 Dec 2019 21:40:41 -0500
Subject: [PATCH] Escape major HTML characters in code blocks in
 BBCode::convert

- HTML sanitization was removing unescaped opening chevrons in code blocks
---
 src/Content/Text/BBCode.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php
index a3d26a7367..3617470df4 100644
--- a/src/Content/Text/BBCode.php
+++ b/src/Content/Text/BBCode.php
@@ -1283,9 +1283,9 @@ class BBCode extends BaseObject
 			function ($matches) use (&$codeblocks) {
 				$return = '#codeblock-' . count($codeblocks) . '#';
 				if (strpos($matches[2], "\n") !== false) {
-					$codeblocks[] = '<pre><code class="language-' . trim($matches[1]) . '">' . trim($matches[2], "\n\r") . '</code></pre>';
+					$codeblocks[] = '<pre><code class="language-' . trim($matches[1]) . '">' . htmlspecialchars(trim($matches[2], "\n\r"), ENT_NOQUOTES, 'UTF-8') . '</code></pre>';
 				} else {
-					$codeblocks[] = '<code>' . $matches[2] . '</code>';
+					$codeblocks[] = '<code>' . htmlspecialchars($matches[2], ENT_NOQUOTES, 'UTF-8') . '</code>';
 				}
 
 				return $return;