heluecht/friendica-addons
1
0
Fork 0
forked from friendica/friendica-addons
Code Issues Pull requests Packages Projects Releases Wiki Activity

[markdown] Escape HTML characters before running Markdown::toBBCode()

Browse source 
- This prevents HTML tag looking text to be purified in the Markdown to BBCode process
This commit is contained in:
Hypolite Petovan 2021-10-14 02:11:53 -04:00
parent 31635cf6c3
commit 43b0b5a0e4
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
markdown/markdown.php
View file

@ -56,6 +56,10 @@ function markdown_post_local_start(App $a, &$request) {
// Escape mentions which username can contain Markdown-like characters
// See https://github.com/friendica/friendica/issues/9486
return \Friendica\Util\Strings::performWithEscapedBlocks($body, '/[@!][^@\s]+@[^\s]+\w/', function ($text) {
// Markdown accepts literal HTML but we do not in post body, so we need to escape all chevrons
// See https://github.com/friendica/friendica/issues/10634
$text = \Friendica\Util\Strings::escapeHtml($text);
return Markdown::toBBCode($text);
});
}