```ruby klass = ' class="section-nav"' if root result[:toc] << "<ul#{klass}>" children.each { |child| push_anchor(child) } result[:toc] << '</ul>' ``` ```ruby result[:toc] << %(<li><a href="##{header_node.href}">#{header_node.text}</a>) push_toc(header_node.children) result[:toc] << '</li>' ``` This is spooky! The `HeaderNode` class runs `CGI.escape` and `CGI.escapeHTML` on the properties that become its attributes, which is unexpected but causes this to be safe … _for now_. We should piece things together with Nokogiri's DOM and never write out HTML manually like this; the `HeaderNode`'s attributes shouldn't be "pre-escaped".