diff options
| author | Florian Orben <florian.orben@gmail.com> | 2015-10-28 19:36:34 +0100 |
|---|---|---|
| committer | Florian Orben <florian.orben@gmail.com> | 2015-10-29 17:26:34 +0100 |
| commit | bad01d40a2c9354573bfe1c4b9d33a05ffbe9b0f (patch) | |
| tree | 07ab01c2982a9a42da3053090b813cdba478e971 /web | |
| parent | 742424228414793e6aaa06ce8a9de182cdfb2957 (diff) | |
| download | chat-bad01d40a2c9354573bfe1c4b9d33a05ffbe9b0f.tar.gz chat-bad01d40a2c9354573bfe1c4b9d33a05ffbe9b0f.tar.bz2 chat-bad01d40a2c9354573bfe1c4b9d33a05ffbe9b0f.zip | |
escape user input
Diffstat (limited to 'web')
| -rw-r--r-- | web/react/utils/markdown.jsx | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/web/react/utils/markdown.jsx b/web/react/utils/markdown.jsx index b5d239eb5..84690150a 100644 --- a/web/react/utils/markdown.jsx +++ b/web/react/utils/markdown.jsx @@ -108,13 +108,13 @@ class MattermostMarkdownRenderer extends marked.Renderer { code(code, language) { if (!language || highlightJs.listLanguages().indexOf(language) < 0) { let parsed = super.code(code, language); - return '<code class="hljs">' + $(parsed).text() + '</code>'; + return '<div class="post-body--code"><code class="hljs">' + TextFormatting.sanitizeHtml($(parsed).text()) + '</code></div>'; } let parsed = highlightJs.highlight(language, code); return '<div class="post-body--code">' + '<span class="post-body--code__language">' + HighlightedLanguages[language] + '</span>' + - '<code style="white-space: pre;" class="hljs">' + parsed.value + '</code>' + + '<code class="hljs">' + parsed.value + '</code>' + '</div>'; } |