From a8322992cce5c94c72fd27cc650db0d8b20fe8d1 Mon Sep 17 00:00:00 2001
From: Tulir Asokan <tulir@maunium.net>
Date: Sun, 4 Mar 2018 23:17:12 +0200
Subject: [PATCH] Escape HTML tags in quoted text of non-native replies

---
 mautrix_telegram/formatter/from_telegram.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mautrix_telegram/formatter/from_telegram.py b/mautrix_telegram/formatter/from_telegram.py
index 82b38c10..34d81e7f 100644
--- a/mautrix_telegram/formatter/from_telegram.py
+++ b/mautrix_telegram/formatter/from_telegram.py
@@ -93,7 +93,7 @@ async def _add_reply_header(source, text, html, evt, relates_to,
         content = event["content"]
         body = (content["formatted_body"]
                 if "formatted_body" in content
-                else content["body"])
+                else escape(content["body"]))
         sender = event['sender']
         puppet = pu.Puppet.get_by_mxid(sender, create=False)
         reply_displayname = puppet.displayname if puppet else sender