aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-03-20 19:50:09 -0700
committerMario Vavti <mario@mariovavti.com>2017-03-29 14:04:04 +0200
commitd95f7efea704069a49fc2d63a88dcba5fd80381f (patch)
tree5cdb99c9099ffbf0decbdd4defe8f4f51cd30511 /Zotlabs
parente97dd48b4c046bac86322d91a13fd55d0cf3a99f (diff)
downloadvolse-hubzilla-d95f7efea704069a49fc2d63a88dcba5fd80381f.tar.gz
volse-hubzilla-d95f7efea704069a49fc2d63a88dcba5fd80381f.tar.bz2
volse-hubzilla-d95f7efea704069a49fc2d63a88dcba5fd80381f.zip
after all of this, I would be very hesitant to use any multi-user system which uses markdown and which doesn't have a large security budget.
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Lib/MarkdownSoap.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/Zotlabs/Lib/MarkdownSoap.php b/Zotlabs/Lib/MarkdownSoap.php
index cf1446f45..e5f3c81dd 100644
--- a/Zotlabs/Lib/MarkdownSoap.php
+++ b/Zotlabs/Lib/MarkdownSoap.php
@@ -82,7 +82,7 @@ class MarkdownSoap {
$s = str_replace(' ','&nbsp;',$s);
$s = purify_html($s);
$s = str_replace(['&nbsp;', mb_convert_encoding('&#x00a0;','UTF-8','HTML-ENTITIES')], [ ' ', ' ' ],$s);
- $s = str_replace(['<br>','<br />'],["\n","\n"],$s);
+ $s = str_replace(['<br>','<br />', '&lt;', '&gt;' ],["\n","\n", '<', '>'],$s);
return $s;
}