From d7a6e80bb1d27475caed22f8bb33584416ee63a1 Mon Sep 17 00:00:00 2001
From: Pete Matsyburka <pete@docuseal.com>
Date: Tue, 11 Nov 2025 11:11:07 +0200
Subject: [PATCH] html escape font signature

---
 lib/submitters/generate_font_image.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/submitters/generate_font_image.rb b/lib/submitters/generate_font_image.rb
index b64580fc..b70d7450 100644
--- a/lib/submitters/generate_font_image.rb
+++ b/lib/submitters/generate_font_image.rb
@@ -20,6 +20,8 @@ module Submitters
     def call(text, font: nil)
       font = FONT_ALIASES[font] || font
 
+      text = ERB::Util.html_escape(text)
+
       text_image = Vips::Image.text(text, font:, fontfile: FONTS[font],
                                           width: WIDTH, height: HEIGHT, wrap: :none)