protect & and < enities on html2xml

diff --git a/redakcja/static/js/wiki/xslt.js b/redakcja/static/js/wiki/xslt.js
index cc2d19f..9efeba3 100644 (file)
--- a/redakcja/static/js/wiki/xslt.js
+++ b/redakcja/static/js/wiki/xslt.js
@@ -253,7 +253,7 @@ HTMLSerializer.prototype.serialize = function(rootElement, stripOuter)
                                break;
                        case TEXT_NODE:
                                self.result += text_buffer;
-                               text_buffer = token.node.nodeValue;
+                               text_buffer = token.node.nodeValue.replace('&', '&amp;').replace('<', '&lt;');
                                break;
                };
        };