From 9fd011e9f982b8a343d4b182126bf19179725888 Mon Sep 17 00:00:00 2001
From: gwleuverink <willem@leuver.ink>
Date: Thu, 15 Aug 2024 22:46:56 +0200
Subject: [PATCH] allow quotes in todo's

---
 src/CommentsPrecompiler.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/CommentsPrecompiler.php b/src/CommentsPrecompiler.php
index eb6e1b1..8a6e37c 100644
--- a/src/CommentsPrecompiler.php
+++ b/src/CommentsPrecompiler.php
@@ -27,7 +27,7 @@ protected static function compileTodosMark($view, $openComment, $closeComment)
         // Process each match
         foreach ($matches as $match) {
             $fullComment = $match[0];  // Full comment including {{-- and --}}
-            $commentBody = self::trimColons($match[1]);  // Comment body without {{-- TODO: and --}}
+            $commentBody = htmlspecialchars(self::trimColons($match[1]));  // Comment body without {{-- TODO: and --}}
 
             $magicTodoComponent = <<< BLADE
             <x-magic-todo::highlight todo="{$commentBody}" />
@@ -60,7 +60,7 @@ protected static function compileWrappedBladeTodos($view, $openComment, $closeCo
         foreach ($matches as $match) {
 
             $todoBlock = trim($match[1]); // Everything between TODO & ENDTODO including the wrapping comments
-            $todoComment = self::trimColons($match[2]);  // Just the text inside the TODO comment
+            $todoComment = htmlspecialchars(self::trimColons($match[2]));  // Just the text inside the TODO comment
             $content = trim($match[3]);  // The content between TODO and ENDTODO
 
             $magicTodoComponent = <<< BLADE