From 6d50dee063ed2caa5f184c1f16c682263febe0cd Mon Sep 17 00:00:00 2001
From: Francis Lachapelle <flachapelle@inverse.ca>
Date: Tue, 29 Mar 2022 10:44:35 -0400
Subject: [PATCH] fix(core): encode reserved HTML characters in RTF parser

Fixes #5388
---
 SoObjects/SOGo/RTFHandler.m | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/SoObjects/SOGo/RTFHandler.m b/SoObjects/SOGo/RTFHandler.m
index 2b6c98f86c..f3283db8a3 100644
--- a/SoObjects/SOGo/RTFHandler.m
+++ b/SoObjects/SOGo/RTFHandler.m
@@ -1,5 +1,5 @@
 /*
-  Copyright (C) 2005-2013 Inverse inc.
+  Copyright (C) 2005-2022 Inverse inc.
 
   This file is part of SOGo.
 
@@ -23,6 +23,8 @@
 #include <Foundation/NSValue.h>
 #include <Foundation/NSException.h>
 
+#import <NGExtensions/NSString+misc.h>
+
 //
 // Useful macros
 //
@@ -1456,7 +1458,7 @@ - (NSMutableData *) parse
               else
                 active_charset = defaultCharset;
 
-              s = [NSString stringWithCharacters: &(active_charset[c])  length: 1];
+              s = [[NSString stringWithCharacters: &(active_charset[c])  length: 1] stringByEscapingHTMLString];
               d = [s dataUsingEncoding: NSUTF8StringEncoding];
               [_html appendData: d];
             }