Run Purifier on Markdown's output, stop XSS bug

2025-02-20 20:51:50 +01:00 · 2015-03-29 15:32:14 -07:00 · 2015-03-29 15:32:14 -07:00 · 972b3450cf
commit 972b3450cf
parent a04c9ee81d
1 changed files with 1 additions and 1 deletions
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@ -3407,7 +3407,7 @@ function mod_edit_page($id) {
 	
 		switch ($method) {
 			case 'markdown': 
-				$write = markdown($content);
+				$write = purify_html(markdown($content));
 				break;
 			case 'html':
 				if (hasPermission($config['mod']['rawhtml'])) {