escape HTML tags

Author: tomkralidis

pygeoapi/util.py

@@ -261,8 +261,14 @@ def to_json(dict_: dict, pretty: bool = False) -> str:
     else:
         indent = None
 
-    return json.dumps(dict_, default=json_serial, indent=indent,
-                      separators=(',', ':'))
+    LOGGER.debug('Dumping JSON')
+    json_dump = json.dumps(dict_, default=json_serial, indent=indent,
+                           separators=(',', ':'))
+
+    LOGGER.debug('Removing < and >')
+    json_dump = json_dump.replace('<', '&lt').replace('>', '&gt')
+
+    return json_dump
 
 
 def format_datetime(value: str, format_: str = DATETIME_FORMAT) -> str: