From 7cf9dbecf611fbc38c006439e704ccc807fa5c0f Mon Sep 17 00:00:00 2001
From: Matt Bierner <matb@microsoft.com>
Date: Fri, 20 Dec 2024 10:52:07 -0800
Subject: [PATCH] Fix escaping of raw values that contain `&` in md preview

Fixes #236660
---
 extensions/markdown-language-features/src/util/dom.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/extensions/markdown-language-features/src/util/dom.ts b/extensions/markdown-language-features/src/util/dom.ts
index 0f6c00da9da..8bbce79c303 100644
--- a/extensions/markdown-language-features/src/util/dom.ts
+++ b/extensions/markdown-language-features/src/util/dom.ts
@@ -5,7 +5,10 @@
 import * as vscode from 'vscode';
 
 export function escapeAttribute(value: string | vscode.Uri): string {
-	return value.toString().replace(/"/g, '&quot;');
+	return value.toString()
+		.replace(/&/g, '&amp;')
+		.replace(/"/g, '&quot;')
+		.replace(/'/g, '&#39;');
 }
 
 export function getNonce() {