mirror of
https://git.friendi.ca/friendica/friendica-addons.git
synced 2024-11-22 07:23:40 +00:00
[markdown] Escape HTML characters before running Markdown::toBBCode()
- This prevents HTML tag looking text to be purified in the Markdown to BBCode process
This commit is contained in:
parent
31635cf6c3
commit
43b0b5a0e4
1 changed files with 4 additions and 0 deletions
|
@ -56,6 +56,10 @@ function markdown_post_local_start(App $a, &$request) {
|
|||
// Escape mentions which username can contain Markdown-like characters
|
||||
// See https://github.com/friendica/friendica/issues/9486
|
||||
return \Friendica\Util\Strings::performWithEscapedBlocks($body, '/[@!][^@\s]+@[^\s]+\w/', function ($text) {
|
||||
// Markdown accepts literal HTML but we do not in post body, so we need to escape all chevrons
|
||||
// See https://github.com/friendica/friendica/issues/10634
|
||||
$text = \Friendica\Util\Strings::escapeHtml($text);
|
||||
|
||||
return Markdown::toBBCode($text);
|
||||
});
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue