From 5f18c71d07e8ea0ac3f9053ad0a67c5380e613ef Mon Sep 17 00:00:00 2001
From: hmhealey
Date: Sat, 19 Sep 2015 11:01:38 -0400
Subject: Deferred to marked.js's html sanitization when markdown is enabled

---
 web/react/utils/text_formatting.jsx | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
 (limited to 'web/react')
diff --git a/web/react/utils/text_formatting.jsx b/web/react/utils/text_formatting.jsx
index 537ddb394..47b56cc3c 100644
--- a/web/react/utils/text_formatting.jsx
+++ b/web/react/utils/text_formatting.jsx
@@ -21,7 +21,14 @@ export function formatText(text, options = {}) {
 // TODO remove me
 options.markdown = true;

- let output = sanitizeHtml(text);
+ // wait until marked can sanitize the html so that we don't break markdown block quotes
+ let output;
+ if (!options.markdown) {
+ output = sanitizeHtml(text);
+ } else {
+ output = text;
+ }
+
 const tokens = new Map();

 // replace important words and phrases with tokens
@@ -40,7 +47,10 @@ export function formatText(text, options = {}) {
 // perform markdown parsing while we have an html-free input string
 if (options.markdown) {
 console.log('output before marked ' + output);
- output = marked(output, {renderer: markdownRenderer});
+ output = marked(output, {
+ renderer: markdownRenderer,
+ sanitize: true
+ });
 console.log('output after marked ' + output);
 }

-- 
cgit v1.2.3-1-g7c22
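Review bot: In the first hunk of formatText, `output = text` hands raw, unescaped message text to the token-replacement steps that follow (`// replace important words and phrases with tokens`), which until now always received `sanitizeHtml` output. Those steps are outside the hunk, so this cannot be confirmed here, but if any of them builds HTML from the text it matched, it now has to escape that text itself, because marked's `sanitize` pass only sees the tokenized string. Since the context lines above still force `options.markdown = true`, the `sanitizeHtml` branch is currently unreachable and this is the only path in use. I would add a comment on the else branch such as `// raw user text from here on: anything turned into a token must be HTML-escaped by the tokenizer`. The body of formatText starts before and continues past this hunk.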
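Review bot: The context comment `// perform markdown parsing while we have an html-free input string` in the second hunk is no longer true on this path, because the first hunk stops calling `sanitizeHtml` when markdown is enabled; it should read something like `// marked escapes raw HTML in the input via sanitize: true`. With this change `sanitize: true` is the only HTML defence for message text, and as far as I know it acts on HTML in the input only: whatever `markdownRenderer` (defined outside this hunk) emits is not re-checked, so any overridden renderer method has to escape its own arguments and vet link targets. marked later deprecated the `sanitize` option and advises sanitizing the rendered output instead, so a pass over the final HTML would be the more durable arrangement. The two `console.log` calls around the `marked` call also write unsanitized message text to the console and look like leftover debugging.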