Prevent XSS attacks with wmd using the google-caja html sanitizer.
[osqa.git] / forum / skins / default / media / js / wmd / showdown.js
index 73a12f2d89a7ea490dc525e988aca0b6a1dcb626..c87fd45018de05ca2214eecfc7b8c6cfa79f5625 100644 (file)
@@ -114,6 +114,7 @@ this.makeHtml = function(text) {
 // _EscapeSpecialCharsWithinTagAttributes(), so that any *'s or _'s in the <a>
 // and <img> tags get encoded.
 //
+    text = html_sanitize(text, function(url) {return url;}, function(id) {return id;});
 
        // Clear the global hashes. If we don't clear these, you get conflicts
        // from other articles when generating a page which contains more than
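Review bot: The sanitizer on the added line runs on the Markdown source before conversion and is given an identity URL policy (`function(url) {return url;}`), so it never sees the `<a>` and `<img>` tags that Markdown link and image syntax generates later in makeHtml, and it rejects no URL scheme in raw HTML attributes. I would apply `html_sanitize` to the final HTML string that makeHtml returns instead, and replace the identity callback with an allow-list such as `function(url) { return /^(https?|mailto):/i.test(url) ? url : null; }`; Caja's URL policy should drop the attribute when the callback returns null, which is worth confirming against the bundled version, and the pattern needs extending if relative links must survive. The rest of makeHtml lies outside this hunk, so the return site is not visible here. Because showdown.js runs in the browser, this change can only protect the live preview, and the server-side renderer presumably needs equivalent sanitization before posts are stored or served.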