authorzotlabs <mike@macgirvin.com>2017-03-20 19:50:09 -0700
committerzotlabs <mike@macgirvin.com>2017-03-20 19:50:09 -0700
commit8821986d87b36b8b5ea311bcb73d348dc0bed262 (patch)
tree12403d35c66b9fdeb0d8cd39b4a6dd77326eef31
parent35fc7328de3237ef9727e6f729ffe4df4697a421 (diff)
after all of this, I would be very hesitant to use any multi-user system which uses markdown and which doesn't have a large security budget.
-rw-r--r--Zotlabs/Lib/MarkdownSoap.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/Zotlabs/Lib/MarkdownSoap.php b/Zotlabs/Lib/MarkdownSoap.php
index cf1446f45..e5f3c81dd 100644
--- a/Zotlabs/Lib/MarkdownSoap.php
+++ b/Zotlabs/Lib/MarkdownSoap.php
@@ -82,7 +82,7 @@ class MarkdownSoap {
$s = str_replace(' ','&nbsp;',$s);
$s = purify_html($s);
$s = str_replace(['&nbsp;', mb_convert_encoding('&#x00a0;','UTF-8','HTML-ENTITIES')], [ ' ', ' ' ],$s);
- $s = str_replace(['<br>','<br />'],["\n","\n"],$s);
+ $s = str_replace(['<br>','<br />', '&lt;', '&gt;' ],["\n","\n", '<', '>'],$s);
return $s;
}
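Review bot: Decoding `&lt;` and `&gt;` on the added line runs after `purify_html()`, so angle brackets that the purifier had neutralised as entities come back as live markup in the returned string; input that arrives entity-encoded would, as far as this hunk shows, leave the method as literal tags. If the decode is only needed for Markdown syntax such as `>` blockquotes, restoring `&gt;` alone is the narrower option: `$s = str_replace(['<br>','<br />', '&gt;'],["\n","\n", '>'],$s);`. Otherwise the return value has to be treated as untrusted HTML and purified again after Markdown rendering, and that contract deserves a comment on this line, e.g. `// output is NOT HTML-safe: '<' and '>' are restored for Markdown; purify again after rendering`. The enclosing method starts above the hunk, so how callers handle the result is not visible here.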