diff --git a/template/comment.twig b/template/comment.twig
index b29fe29..df2fc38 100644
--- a/template/comment.twig
+++ b/template/comment.twig
@@ -40,7 +40,7 @@
- {{ comment.text|markdown|raw }}
+ {{ comment.text|markdown|raw }}
diff --git a/twig.php b/twig.php
index d64436c..f69390d 100644
--- a/twig.php
+++ b/twig.php
@@ -5,6 +5,7 @@
 require_once 'database.php';
 require_once 'date.php';
 require_once 'parsedown.php';
 require_once 'template/Twig/Autoloader.php';
+require_once 'htmlpurifier/HTMLPurifier.standalone.php';
 Twig_Autoloader::register();
@@ -34,7 +35,11 @@ $twig->addFilter ('ago', new Twig_Filter_Function (function ($datetime) {
 $twig->addFilter ('markdown', new Twig_Filter_Function(function ($markdown) {
 $parsedown = new Parsedown ();
- return $parsedown->text (htmlspecialchars ($markdown));
+ $purifier_settings = HTMLPurifier_Config::createDefault ();
+ $purifier_settings->set ('Core', 'EscapeInvalidTags', true);
+ $purifier = new HTMLPurifier ($purifier_settings);
+
+ return $purifier->purify ($parsedown->text ($markdown));
 }));
 // Return document root
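Review bot: Dropping `htmlspecialchars()` makes the default HTMLPurifier policy the only barrier between a commenter's inline HTML and the `|raw` output in comment.twig, and that default still admits `<img src>` and `<a href>` pointing at arbitrary external hosts, so the `createDefault()` config should be tightened with an explicit whitelist such as `HTML.Allowed` (extended to whatever Markdown output you intend to render) and `HTML.Nofollow`. The three-argument `set ('Core', 'EscapeInvalidTags', true)` is the deprecated form in HTMLPurifier 4.x and triggers an E_USER_NOTICE on every call; the current spelling is `$purifier_settings->set ('Core.EscapeInvalidTags', true);`. Building the config and purifier inside the closure also redoes the definition setup on every comment render, and the default serializer cache lives under the bundled htmlpurifier/ tree, which must be writable by the web user or each render emits a warning — and because cached definitions are loaded back with unserialize(), that directory must not be shared or world-writable. The sketch below builds the purifier once outside `addFilter` and captures it with `use`; the filter closure is complete within the hunk, but the deployed HTMLPurifier version and the cache directory's permissions are not visible here.
```php
// Built once: HTMLPurifier definition setup is costly and is disk-cached.
// Cache dir must be writable by the web user and private to this app
// (cached definitions are unserialize()d on load).
$purifier_settings = HTMLPurifier_Config::createDefault ();
$purifier_settings->set ('Core.EscapeInvalidTags', true);
$purifier_settings->set ('HTML.Allowed', 'p,br,strong,em,code,pre,blockquote,ul,ol,li,a[href]');
$purifier_settings->set ('HTML.Nofollow', true);
$purifier_settings->set ('Cache.SerializerPath', __DIR__ . '/cache/htmlpurifier');
$purifier = new HTMLPurifier ($purifier_settings);

$twig->addFilter ('markdown', new Twig_Filter_Function(function ($markdown) use ($purifier) {
	$parsedown = new Parsedown ();
	return $purifier->purify ($parsedown->text ($markdown));
}));
```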