diff options
author | VirtualTam <virtualtam@flibidi.net> | 2017-03-08 20:38:41 +0100 |
---|---|---|
committer | VirtualTam <virtualtam@flibidi.net> | 2017-03-08 20:38:41 +0100 |
commit | 1328d222680edf2ebdaea5624a7496240bd075f0 (patch) | |
tree | d515b37130d6ea07ff3ecccf9d6dd5a2ebf83ec0 /plugins/markdown/markdown.php | |
parent | ebd67c6e1b40aebdd3a52285ce9ff9412b2a3038 (diff) | |
download | Shaarli-1328d222680edf2ebdaea5624a7496240bd075f0.tar.gz Shaarli-1328d222680edf2ebdaea5624a7496240bd075f0.tar.zst Shaarli-1328d222680edf2ebdaea5624a7496240bd075f0.zip |
security: escape HTML entities when using Markdown
Adapted from https://github.com/shaarli/Shaarli/pull/785
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'plugins/markdown/markdown.php')
-rw-r--r-- | plugins/markdown/markdown.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/markdown/markdown.php b/plugins/markdown/markdown.php index 57fcce32..9d073fbd 100644 --- a/plugins/markdown/markdown.php +++ b/plugins/markdown/markdown.php | |||
@@ -218,7 +218,7 @@ function process_markdown($description) | |||
218 | $processedDescription = reverse_space2nbsp($processedDescription); | 218 | $processedDescription = reverse_space2nbsp($processedDescription); |
219 | $processedDescription = unescape($processedDescription); | 219 | $processedDescription = unescape($processedDescription); |
220 | $processedDescription = $parsedown | 220 | $processedDescription = $parsedown |
221 | ->setMarkupEscaped(false) | 221 | ->setMarkupEscaped(true) |
222 | ->setBreaksEnabled(true) | 222 | ->setBreaksEnabled(true) |
223 | ->text($processedDescription); | 223 | ->text($processedDescription); |
224 | $processedDescription = sanitize_html($processedDescription); | 224 | $processedDescription = sanitize_html($processedDescription); |