From 9d9e6e2972bde40d6d430799dbe47a50baa0d7f8 Mon Sep 17 00:00:00 2001
From: Greyson Parrelli
Date: Thu, 3 Mar 2022 09:40:55 -0500
Subject: [PATCH] Ensure inner html is escaped when bolding. Fixes #12033
---
 .../main/java/org/thoughtcrime/securesms/util/HtmlUtil.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/src/main/java/org/thoughtcrime/securesms/util/HtmlUtil.java b/app/src/main/java/org/thoughtcrime/securesms/util/HtmlUtil.java
index 186c69bd50..04a6cc401a 100644
--- a/app/src/main/java/org/thoughtcrime/securesms/util/HtmlUtil.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/util/HtmlUtil.java
@@ -1,9 +1,11 @@
 package org.thoughtcrime.securesms.util;
+import android.text.Html;
+
 import androidx.annotation.NonNull;
 public class HtmlUtil {
 public static @NonNull String bold(@NonNull String target) {
- return "" + target + "";
+ return "" + Html.escapeHtml(target) + "";
 }
 }
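Review bot: `bold` still has no Javadoc stating its contract, and the new `+ return` line changes that contract: `target` is now treated as plain text and HTML-escaped, while the return value is markup meant for an HTML renderer. I would add a comment above the method such as `/** Wraps {@code target} in bold markup. {@code target} is plain text and is HTML-escaped here; do not pre-escape it. */`. The callers are not visible in this hunk, so it is worth confirming that none passes already-escaped or intentionally marked-up text, which would now be double-escaped. Any other user-controlled text concatenated with the result before rendering presumably needs the same escaping. A small unit test feeding `<`, `>` and `&` through `bold` would pin the behaviour this commit fixes.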