From f12cee5d94f42c4b5d7e669e33e1aa85de9ea0ce Mon Sep 17 00:00:00 2001
From: Dan <14043624+delivrance@users.noreply.github.com>
Date: Mon, 24 Jun 2019 10:54:58 +0200
Subject: [PATCH] Automatically escape URL bodies when using markdown

---
 pyrogram/client/style/markdown.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pyrogram/client/style/markdown.py b/pyrogram/client/style/markdown.py
index 26effe5c..001fc60f 100644
--- a/pyrogram/client/style/markdown.py
+++ b/pyrogram/client/style/markdown.py
@@ -16,6 +16,7 @@
 # You should have received a copy of the GNU Lesser General Public License
 # along with Pyrogram.  If not, see <http://www.gnu.org/licenses/>.
 
+import html
 import re
 
 import pyrogram
@@ -89,10 +90,14 @@ class Markdown:
         for match in re.finditer(Markdown.URL_RE, text):
             start, stop = match.span()
             full = match.group(0)
+
             body, url = match.groups()
+            body = html.escape(body)
+
             replace = '<a href="{}">{}</a>'.format(url, body)
 
             text = text[:start + offset] + replace + text[stop + offset:]
+
             offset += len(replace) - len(full)
 
         return self.html.parse(text)