diff --git a/template/comment.twig b/template/comment.twig
index b29fe29..df2fc38 100644
--- a/template/comment.twig
+++ b/template/comment.twig
@@ -40,7 +40,7 @@
- {{ comment.text|markdown|raw }}
+ {{ comment.text|markdown|raw }}
diff --git a/twig.php b/twig.php
index d64436c..f69390d 100644
--- a/twig.php
+++ b/twig.php
@@ -5,6 +5,7 @@ require_once 'database.php';
require_once 'date.php';
require_once 'parsedown.php';
require_once 'template/Twig/Autoloader.php';
+require_once 'htmlpurifier/HTMLPurifier.standalone.php';
Twig_Autoloader::register();
@@ -34,7 +35,11 @@ $twig->addFilter ('ago', new Twig_Filter_Function (function ($datetime) {
$twig->addFilter ('markdown', new Twig_Filter_Function(function ($markdown) {
$parsedown = new Parsedown ();
- return $parsedown->text (htmlspecialchars ($markdown));
+ $purifier_settings = HTMLPurifier_Config::createDefault ();
+ $purifier_settings->set ('Core', 'EscapeInvalidTags', true);
+ $purifier = new HTMLPurifier ($purifier_settings);
+
+ return $purifier->purify ($parsedown->text ($markdown));
}));
// Return document root
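Review bot: The purifier configuration and instance are rebuilt on every call to the `markdown` filter, and `set ('Core', 'EscapeInvalidTags', true)` uses the three-argument form that HTMLPurifier 4.x deprecates in favour of `set ('Core.EscapeInvalidTags', true)`. Constructing HTMLPurifier is costly (it also serialises its definition cache, by default under the library's own DefinitionCache/Serializer directory, so that path must be writable or `Cache.SerializerPath` pointed elsewhere), so build it once and capture it in the closure. With the `htmlspecialchars` call removed, the purifier is now the only barrier between comment HTML and the `|raw` output in comment.twig; that invariant deserves a comment so it is not "simplified" away later. If the bundled Parsedown is 1.7 or newer, `$parsedown->setSafeMode (true)` would give a second layer, but the version cannot be confirmed from this diff.
```php
$purifier_settings = HTMLPurifier_Config::createDefault ();
$purifier_settings->set ('Core.EscapeInvalidTags', true);
// Built once: the purifier is the only thing sanitising comment HTML before `|raw` in comment.twig.
$purifier = new HTMLPurifier ($purifier_settings);

$twig->addFilter ('markdown', new Twig_Filter_Function(function ($markdown) use ($purifier) {
    $parsedown = new Parsedown ();
    return $purifier->purify ($parsedown->text ($markdown));
}));
```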