From c811f30e753a4795e6f15962144a9094e9baa2d7 Mon Sep 17 00:00:00 2001
From: zPlus <->
Date: Fri, 22 Apr 2016 18:02:54 +0200
Subject: [PATCH] Fix Markdown->HTML conversion
---
template/comment.twig | 2 +-
twig.php | 7 ++++++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/template/comment.twig b/template/comment.twig
index b29fe295..df2fc385 100644
--- a/template/comment.twig
+++ b/template/comment.twig
@@ -40,7 +40,7 @@
- {{ comment.text|markdown|raw }}
+ {{ comment.text|markdown|raw }}
diff --git a/twig.php b/twig.php
index d64436c9..f69390da 100644
--- a/twig.php
+++ b/twig.php
@@ -5,6 +5,7 @@ require_once 'database.php';
require_once 'date.php';
require_once 'parsedown.php';
require_once 'template/Twig/Autoloader.php';
+require_once 'htmlpurifier/HTMLPurifier.standalone.php';
Twig_Autoloader::register();
@@ -34,7 +35,11 @@ $twig->addFilter ('ago', new Twig_Filter_Function (function ($datetime) {
$twig->addFilter ('markdown', new Twig_Filter_Function(function ($markdown) {
$parsedown = new Parsedown ();
- return $parsedown->text (htmlspecialchars ($markdown));
+ $purifier_settings = HTMLPurifier_Config::createDefault ();
+ $purifier_settings->set ('Core', 'EscapeInvalidTags', true);
+ $purifier = new HTMLPurifier ($purifier_settings);
+
+ return $purifier->purify ($parsedown->text ($markdown));
}));
// Return document root
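Review bot: With `htmlspecialchars` removed, the purifier call in the `markdown` filter is the only barrier between comment text and the page, because `template/comment.twig` prints the result with `|raw`, yet it runs on HTML Purifier's default configuration. The default allowlist is broad (it appears to permit `img` with remote sources, for example), so I would pin an explicit `HTML.Allowed` list matching the Markdown features comments should support. The three-argument `set ('Core', 'EscapeInvalidTags', true)` is the legacy call form and may raise a deprecation notice depending on the vendored version; `set ('Core.EscapeInvalidTags', true)` is the current spelling. The config and purifier are also rebuilt on every filter call, so building them once and passing `$purifier` into the closure with `use` saves work per comment. The allowlist in the sketch below is a constructed example, not a recommendation for this project's exact tag set.

```php
// Build the sanitizer once; the filter closure runs for every rendered comment.
$purifier_settings = HTMLPurifier_Config::createDefault ();
$purifier_settings->set ('Core.EscapeInvalidTags', true);
// Constructed example allowlist: adjust to the Markdown features comments need.
$purifier_settings->set ('HTML.Allowed', 'p,br,strong,em,code,pre,blockquote,ul,ol,li,a[href]');
$purifier = new HTMLPurifier ($purifier_settings);

$twig->addFilter ('markdown', new Twig_Filter_Function(function ($markdown) use ($purifier) {
    $parsedown = new Parsedown ();

    // Sanitize the rendered HTML, since the template emits it with |raw.
    return $purifier->purify ($parsedown->text ($markdown));
}));
```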