escape text in ssr

packages/ssr/Cargo.toml

@@ -14,6 +14,7 @@ keywords = ["dom", "ui", "gui", "react", "ssr"]
 
 [dependencies]
 dioxus-core = { path = "../core", version = "^0.3.0", features = ["serialize"] }
+askama_escape = "0.10.3"
 
 [dev-dependencies]
 dioxus = { path = "../dioxus", version = "0.3.0" }

packages/ssr/src/cache.rs

@@ -82,7 +82,13 @@ impl StringCache {
                 }
                 cur_path.pop();
             }
-            TemplateNode::Text { text } => write!(chain, "{text}")?,
+            TemplateNode::Text { text } => {
+                write!(
+                    chain,
+                    "{}",
+                    askama_escape::escape(text, askama_escape::Html)
+                )?;
+            }
             TemplateNode::Dynamic { id: idx } | TemplateNode::DynamicText { id: idx } => {
                 chain.segments.push(Segment::Node(*idx))
             }

packages/ssr/src/renderer.rs

@@ -104,8 +104,11 @@ impl Renderer {
                             write!(buf, "<!--#-->")?;
                         }
 
-                        // todo: escape the text
-                        write!(buf, "{}", text.value)?;
+                        write!(
+                            buf,
+                            "{}",
+                            askama_escape::escape(text.value, askama_escape::Html)
+                        )?;
 
                         if self.pre_render {
                             write!(buf, "<!--#-->")?;