From d8ffa36bc609344b881a49ef6a9c4a908d67e0d4 Mon Sep 17 00:00:00 2001
From: Stefan Markovic <57057282+stefansjfw@users.noreply.github.com>
Date: Mon, 25 Sep 2023 15:24:25 +0200
Subject: [PATCH] Escape > with &gt; and quotes with &quot; in style attribute
 (#28762)

---
 .../previewpane/common/Utilities/SvgPreviewHandlerHelper.cs     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/modules/previewpane/common/Utilities/SvgPreviewHandlerHelper.cs b/src/modules/previewpane/common/Utilities/SvgPreviewHandlerHelper.cs
index 5cb346d70e..d9623b8490 100644
--- a/src/modules/previewpane/common/Utilities/SvgPreviewHandlerHelper.cs
+++ b/src/modules/previewpane/common/Utilities/SvgPreviewHandlerHelper.cs
@@ -210,7 +210,7 @@ namespace Common.Utilities
 
             // max-width and max-height not supported. Extra CSS is needed for it to work.
             string scaling = $"max-width: {width} ; max-height: {height} ;";
-            scaling += $"  _height:expression(this.scrollHeight > {heightR} ? \" {height}\" : \"auto\"); _width:expression(this.scrollWidth > {widthR} ? \"{width}\" : \"auto\");";
+            scaling += $"  _height:expression(this.scrollHeight &gt; {heightR} ? &quot; {height}&quot; : &quot;auto&quot;); _width:expression(this.scrollWidth &gt; {widthR} ? &quot;{width}&quot; : &quot;auto&quot;);";
 
             string newStyle = $"style=\"{scaling}{centering}{oldStyle}\"";
             int insertAt = stringSvgData.IndexOf(">", StringComparison.InvariantCultureIgnoreCase);