From 2925687e1e86dc113116330efd547b9db5c0f1a6 Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Fri, 19 Feb 2016 19:37:13 +0100
Subject: Markdown: don't escape content + sanitize sensible tags
Instead of trying to fix broken content for Markdown parsing, parse it unescaped, then sanatize sensible tags such as scripts, etc.
---
 application/Utils.php | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
(limited to 'application')
diff --git a/application/Utils.php b/application/Utils.php
index 10d60698..868946df 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -62,13 +62,29 @@ function endsWith($haystack, $needle, $case=true)
 }
 
 /**
- * htmlspecialchars wrapper
+ * Htmlspecialchars wrapper
+ *
+ * @param string $str the string to escape.
+ *
+ * @return string escaped.
  */
 function escape($str)
 {
     return htmlspecialchars($str, ENT_COMPAT, 'UTF-8', false);
 }
 
+/**
+ * Reverse the escape function.
+ *
+ * @param string $str the string to unescape.
+ *
+ * @return string unescaped string.
+ */
+function unescape($str)
+{
+    return htmlspecialchars_decode($str);
+}
+
 /**
  * Link sanitization before templating
  */
-- 
cgit v1.2.3
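Review bot: The new `unescape()` is not an exact inverse of `escape()`, so the docblock "Reverse the escape function" overstates it: `escape()` passes `double_encode = false`, meaning an input that already contains a literal `&amp;` or `&lt;` is left as-is, and `htmlspecialchars_decode` then turns it into a bare `&` or `<` — the round trip is lossy for such inputs and the docblock should say so. The decode call also uses the default flag set while `escape()` pins `ENT_COMPAT`; passing the same flags explicitly, `return htmlspecialchars_decode($str, ENT_COMPAT);`, keeps the pair in step, since the default flags of the decode function differ across PHP versions and would otherwise decode entities `escape()` never produced. Given the commit's intent to feed this output to the Markdown parser and sanitize afterwards, I would extend the `@return` line to state that the result is raw, unescaped HTML that must pass through the sanitizer before it reaches a template, so no later caller treats it as safe output.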