From c811f30e753a4795e6f15962144a9094e9baa2d7 Mon Sep 17 00:00:00 2001
From: zPlus <->
Date: Fri, 22 Apr 2016 18:02:54 +0200
Subject: [PATCH] Fix Markdown->HTML conversion

---
 template/comment.twig | 2 +-
 twig.php              | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/template/comment.twig b/template/comment.twig
index b29fe295..df2fc385 100644
--- a/template/comment.twig
+++ b/template/comment.twig
@@ -40,7 +40,7 @@
             </div>
             
             <div class="text">
-                    {{ comment.text|markdown|raw }}
+                {{ comment.text|markdown|raw }}
             </div>
         </div>
         
diff --git a/twig.php b/twig.php
index d64436c9..f69390da 100644
--- a/twig.php
+++ b/twig.php
@@ -5,6 +5,7 @@ require_once 'database.php';
 require_once 'date.php';
 require_once 'parsedown.php';
 require_once 'template/Twig/Autoloader.php';
+require_once 'htmlpurifier/HTMLPurifier.standalone.php';
 
 Twig_Autoloader::register();
 
@@ -34,7 +35,11 @@ $twig->addFilter ('ago', new Twig_Filter_Function (function ($datetime) {
 $twig->addFilter ('markdown', new Twig_Filter_Function(function ($markdown) {
     $parsedown = new Parsedown ();
     
-    return $parsedown->text (htmlspecialchars ($markdown));
+    $purifier_settings = HTMLPurifier_Config::createDefault ();
+    $purifier_settings->set ('Core', 'EscapeInvalidTags', true);
+    $purifier = new HTMLPurifier ($purifier_settings);
+    
+    return $purifier->purify ($parsedown->text ($markdown));
 }));
 
 // Return document root