From f1b4266843aab803e9eb82b3ea35a9a5c479c0c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hu=C3=A1ng=20J=C3=B9nli=C3=A0ng?= <i@jhuang.me>
Date: Fri, 1 Dec 2017 08:15:57 +0800
Subject: [PATCH] fix(toc): title should escape html entities

Fixes #2198, Closes #2437
---
 lib/plugins/helper/toc.js   | 2 +-
 test/scripts/helpers/toc.js | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/plugins/helper/toc.js b/lib/plugins/helper/toc.js
index 5f3f7e5f90..ef7d058c7a 100644
--- a/lib/plugins/helper/toc.js
+++ b/lib/plugins/helper/toc.js
@@ -25,7 +25,7 @@ function tocHelper(str, options) {
   headings.each(function() {
     var level = +this.name[1];
     var id = $(this).attr('id');
-    var text = $(this).text();
+    var text = $(this).html();
 
     lastNumber[level - 1]++;
 
diff --git a/test/scripts/helpers/toc.js b/test/scripts/helpers/toc.js
index 8b3528ef16..c4e0a84a0e 100644
--- a/test/scripts/helpers/toc.js
+++ b/test/scripts/helpers/toc.js
@@ -16,7 +16,8 @@ describe('toc', () => {
     '<h2 id="title_1_3">Title 1.3</h2>',
     '<h3 id="title_1_3_1">Title 1.3.1</h3>',
     '<h1 id="title_2">Title 2</h1>',
-    '<h2 id="title_2_1">Title 2.1</h2>'
+    '<h2 id="title_2_1">Title 2.1</h2>',
+    '<h1 id="title_3">Title should escape &amp;, &lt;, &apos;, and &quot;</h1>'
   ].join('');
 
   var genResult = options => {
@@ -102,6 +103,12 @@ describe('toc', () => {
           '<span class="' + className + '-text">Title 2</span>',
         '</a>',
         ifTrue(maxDepth >= 2, resultTitle_2_1, ''),
+      '</li>',
+      '<li class="' + className + '-item ' + className + '-level-1">',
+      '<a class="' + className + '-link" href="#title_3">',
+      ifTrue(listNumber, '<span class="' + className + '-number">3.</span> ', ''),
+      '<span class="' + className + '-text">Title should escape &amp;, &lt;, &apos;, and &quot;</span>',
+      '</a>',
       '</li>'
     ].join('');