From df7234f3a659c828ac309872898dee9afc6df23f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Yago=20Gonz=C3=A1lez?=
Date: Tue, 14 Aug 2018 02:50:05 +0200
Subject: [PATCH] api docs: Escape HTML in the examples.

Having HTML (or HTML-like) content in the examples was making parts of the content invisible, since the browser identified them as HTML tags rather than verbose text.
---
 zerver/lib/bugdown/api_arguments_table_generator.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/zerver/lib/bugdown/api_arguments_table_generator.py b/zerver/lib/bugdown/api_arguments_table_generator.py
index ae6992b2a7..885f8081d1 100644
--- a/zerver/lib/bugdown/api_arguments_table_generator.py
+++ b/zerver/lib/bugdown/api_arguments_table_generator.py
@@ -2,6 +2,7 @@ import re
 import os
 import ujson
+from django.utils.html import escape as escape_html
 from markdown.extensions import Extension
 from markdown.preprocessors import Preprocessor
 from zerver.lib.openapi import get_openapi_parameters
@@ -133,7 +134,7 @@ class APIArgumentsTablePreprocessor(Preprocessor):
 argument=argument.get('argument') or argument.get('name'),
 # Show this as JSON to avoid changing the quoting style, which
 # may cause problems with JSON encoding.
- example=ujson.dumps(argument['example']),
+ example=escape_html(ujson.dumps(argument['example'])),
 required='Yes' if argument.get('required') else 'No',
 description=md_engine.convert(description),
 ))
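Review bot: Only `example` is escaped in this `format(...)` call; the `argument` value on the first context line of the second hunk is still interpolated raw, so a parameter name containing `<` or `&` would presumably hit the same disappearing-text problem the commit message describes. If the template (not visible in the hunk) places it in HTML text, `argument=escape_html(argument.get('argument') or argument.get('name')),` would close that gap, while `description` is already HTML from `md_engine.convert` and should not be escaped again. The existing comment above `example=` could also record why the order matters, e.g. `# HTML-escape after JSON-encoding so <, > and & display literally.` The diffstat shows a single file changed, so a regression test that renders an example containing markup-like text (a constructed value such as `"<b>"`) is worth adding. The enclosing method starts and ends outside the hunk.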