properly escape tweet content

src/twit2blogpkg/server.nim

@@ -71,7 +71,7 @@ router twitblog:
       resp htmlgen.body(
         htmlgen.a(href=fmt"/author/{author}/threads", fmt"See all of {author}'s threads"),
         htmlgen.h4(title),
-        htmlgen.ul(tweets.map((t) => htmlgen.p(htmlgen.li(t))).join(""))
+        htmlgen.ul(tweets.map((t) => htmlgen.li(t)).join(""))
       )
     else:
       chan.send(ThreadRequest(tweetID: tweetID, author: author))

src/twit2blogpkg/twitter.nim

@@ -1,4 +1,6 @@
 import httpClient, base64, uri, json, os, strformat, sequtils, strutils, options
+from htmlgen import nil
+from xmltree import escape
 
 proc buildAuthHeader() : string =
   let consumerKey = "TWITTER_CONSUMER_KEY".getEnv
@@ -75,9 +77,10 @@ proc convertWords(tweet : string) : string =
         let hostname = parsedUri.hostname
         let path = parsedUri.path
         if (scheme.len > 0 and hostname.len > 0):
-          stripped &= fmt"[{scheme}://{hostname}{path}]({scheme}://{hostname}{path})"
+          let url = xmltree.escape(fmt"{scheme}://{hostname}{path}")
+          stripped &= htmlgen.a(href=url, url)
       elif word.len > 0 and word[0] != '@':
-        stripped &= word
+        stripped &= xmltree.escape(word)
       else:
         continue
   stripped.join(" ")