Merge pull request #751 from metamaps/feature/markdown-xss-safe

enable xss filtering and smart quote replacement in markdown
2016-10-09 10:23:00 +08:00 · 2016-10-09 10:23:00 +08:00 · 56d3ef8bea
parent 9ac24f7468 ba9e26bc05
commit 56d3ef8bea
1 changed files with 3 additions and 1 deletions
--- a/frontend/src/Metamaps/Util.js
+++ b/frontend/src/Metamaps/Util.js
@ -123,7 +123,9 @@ const Util = {
    return (url.match(/^https?:\/\/(?:www\.)?youtube.com\/watch\?(?=[^?]*v=\w+)(?:[^\s?]+)?$/) != null)
  },
  mdToHTML: text => {
-    return new HtmlRenderer().render(new Parser().parse(text))
+    // use safe: true to filter xss
+    return new HtmlRenderer({ safe: true, smart: true })
+      .render(new Parser().parse(text))
  }
 }