aboutsummaryrefslogtreecommitdiffhomepage
path: root/plugins/markdown
diff options
context:
space:
mode:
authorVirtualTam <virtualtam@flibidi.net>2017-03-08 20:38:41 +0100
committerVirtualTam <virtualtam@flibidi.net>2017-03-08 20:38:41 +0100
commit1328d222680edf2ebdaea5624a7496240bd075f0 (patch)
treed515b37130d6ea07ff3ecccf9d6dd5a2ebf83ec0 /plugins/markdown
parentebd67c6e1b40aebdd3a52285ce9ff9412b2a3038 (diff)
downloadShaarli-1328d222680edf2ebdaea5624a7496240bd075f0.tar.gz
Shaarli-1328d222680edf2ebdaea5624a7496240bd075f0.tar.zst
Shaarli-1328d222680edf2ebdaea5624a7496240bd075f0.zip
security: escape HTML entities when using Markdown
Adapted from https://github.com/shaarli/Shaarli/pull/785 Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'plugins/markdown')
-rw-r--r--plugins/markdown/markdown.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/markdown/markdown.php b/plugins/markdown/markdown.php
index 57fcce32..9d073fbd 100644
--- a/plugins/markdown/markdown.php
+++ b/plugins/markdown/markdown.php
@@ -218,7 +218,7 @@ function process_markdown($description)
218 $processedDescription = reverse_space2nbsp($processedDescription); 218 $processedDescription = reverse_space2nbsp($processedDescription);
219 $processedDescription = unescape($processedDescription); 219 $processedDescription = unescape($processedDescription);
220 $processedDescription = $parsedown 220 $processedDescription = $parsedown
221 ->setMarkupEscaped(false) 221 ->setMarkupEscaped(true)
222 ->setBreaksEnabled(true) 222 ->setBreaksEnabled(true)
223 ->text($processedDescription); 223 ->text($processedDescription);
224 $processedDescription = sanitize_html($processedDescription); 224 $processedDescription = sanitize_html($processedDescription);