From 9fef19dbc347e89600800de11bf8b20a1d1aab5b Mon Sep 17 00:00:00 2001
From: April Hall <ari@arithefirst.com>
Date: Mon, 10 Feb 2025 15:09:53 -0500
Subject: [PATCH] fix: Remove `escapeHTML()` function

Removes the `escapeHTML()` function because `markdown-it` has support
for escaping HTML, so everything remains XSS safe
---
 src/lib/components/message.svelte | 1 -
 src/lib/functions/escapeHTML.ts   | 3 ---
 2 files changed, 4 deletions(-)
 delete mode 100644 src/lib/functions/escapeHTML.ts

diff --git a/src/lib/components/message.svelte b/src/lib/components/message.svelte
index cc570ac..82f31ec 100644
--- a/src/lib/components/message.svelte
+++ b/src/lib/components/message.svelte
@@ -1,6 +1,5 @@
 <script lang="ts">
   import { type TypeMessage } from '$lib/types';
-  import escapeHTML from '$lib/functions/escapeHTML';
   import Prose from '$lib/components/prose.svelte';
   import renderMarkdown from '$lib/functions/renderMarkdown';
   const { message, imageSrc, user }: TypeMessage = $props();
diff --git a/src/lib/functions/escapeHTML.ts b/src/lib/functions/escapeHTML.ts
deleted file mode 100644
index 89a722e..0000000
--- a/src/lib/functions/escapeHTML.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-export default function escapeHTML(text: string) {
-  return text.replaceAll('&', '&amp;').replaceAll('<', '&lt;').replaceAll('>', '&gt;').replaceAll('"', '&quot;').replaceAll("'", '&#39;');
-}