From 4611628554fead41c3bbce478a18dbe60fb3573c Mon Sep 17 00:00:00 2001
From: jasquat <2487833+jasquat@users.noreply.github.com>
Date: Wed, 5 Jun 2024 11:02:23 -0400
Subject: [PATCH] escape more characters when sanitizing for markdown (#1681)

Co-authored-by: jasquat
---
 .../src/spiffworkflow_backend/services/jinja_service.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/jinja_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/jinja_service.py
index 97f7601cc..5f7b2e3a3 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/jinja_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/jinja_service.py
@@ -33,8 +33,11 @@ class JinjaHelpers:
 @classmethod
 def sanitize_for_md(cls, value: str) -> str:
 """Sanitizes given value for markdown."""
- sanitized_value = re.sub(r"([|])", r"\\\1", value)
- return sanitized_value
+ # modified from https://github.com/python-telegram-bot/python-telegram-bot/blob/1fdaaac8094c9d76c34c8c8e8c9add16080e75e7/telegram/utils/helpers.py#L149
+ escape_chars = r"_*[]()~`>#+-=|{}!"
+ escaped_value = re.sub(f"([{re.escape(escape_chars)}])", r"\\\1", value)
+ escaped_value = escaped_value.replace("\n", "").replace("\r", "")
+ return escaped_value


 class JinjaService:
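Review bot: The escape set in `sanitize_for_md` omits the backslash itself, so a value that already contains `\` in front of a special character comes out as `\\*`, which a CommonMark-style renderer would presumably read as a literal backslash followed by live markup. Adding the backslash to the set, e.g. ``escape_chars = r"\_*[]()~`>#+-=|{}!"``, lets the existing `re.escape` and replacement turn it into `\\`. `<` and `&` are also left untouched; whether that matters depends on whether the renderer, which is not visible in this hunk, permits raw HTML. Separately, deleting `\n` and `\r` outright joins the words on either side, so replacing them with a space would keep the text readable. The docstring should state which characters are escaped and that line breaks are removed.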