friendica
/
friendica-addons
7
2
Fork 13
Code Issues 3 Pull Requests 2 Releases 16 Wiki Activity

Merge pull request #1191 from MrPetovan/bug/10634-markdown-html 

[markdown] Limit HTML escaping to left chevrons
This commit is contained in:
Tobias Diekershoff 2021-10-18 17:26:26 +02:00 committed by GitHub
parent c22cb063d7 54ef923499
commit d7fe20a1c3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
markdown/markdown.php
View File

@ -56,9 +56,10 @@ function markdown_post_local_start(App $a, &$request) {
// Escape mentions which username can contain Markdown-like characters
// See https://github.com/friendica/friendica/issues/9486
return \Friendica\Util\Strings::performWithEscapedBlocks($body, '/[@!][^@\s]+@[^\s]+\w/', function ($text) {
// Markdown accepts literal HTML but we do not in post body, so we need to escape all chevrons
// Markdown accepts literal HTML but we do not in post body, so we need to escape left chevrons
// (right chevrons are used for quoting in Markdown)
// See https://github.com/friendica/friendica/issues/10634
$text = \Friendica\Util\Strings::escapeHtml($text);
$text = strtr($text, ['<' => '&lt;']);
return Markdown::toBBCode($text);
});