Added additional escaping

frontend/utils/markdown.js

@@ -3,7 +3,7 @@ import marked from 'marked';
 import sanitizedRenderer from 'marked-sanitized';
 import highlight from 'highlight.js';
 import emojify from './emojify';
-import _escape from 'lodash/escape';
+import _ from 'lodash';
 
 slug.defaults.mode = 'rfc3986';
 
@@ -11,11 +11,11 @@ const Renderer = sanitizedRenderer(marked.Renderer);
 const renderer = new Renderer();
 renderer.code = (code, language) => {
   const validLang = !!(language && highlight.getLanguage(language));
-  const highlighted = validLang ? highlight.highlight(language, code).value : _escape(code);
+  const highlighted = validLang ? highlight.highlight(language, code).value : _.escape(code);
-  return `<pre><code class="hljs ${language}">${highlighted}</code></pre>`;
+  return `<pre><code class="hljs ${_.escape(language)}">${highlighted}</code></pre>`;
 };
 renderer.heading = (text, level) => {
-  const headingSlug = slug(text);
+  const headingSlug = _.escape(slug(text));
   return `
     <h${level}>
       ${text}