From 8821986d87b36b8b5ea311bcb73d348dc0bed262 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Mon, 20 Mar 2017 19:50:09 -0700
Subject: after all of this, I would be very hesitant to use any multi-user
 system which uses markdown and which doesn't have a large security budget.

---
 Zotlabs/Lib/MarkdownSoap.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Zotlabs/Lib/MarkdownSoap.php')

diff --git a/Zotlabs/Lib/MarkdownSoap.php b/Zotlabs/Lib/MarkdownSoap.php
index cf1446f45..e5f3c81dd 100644
--- a/Zotlabs/Lib/MarkdownSoap.php
+++ b/Zotlabs/Lib/MarkdownSoap.php
@@ -82,7 +82,7 @@ class MarkdownSoap {
 		$s = str_replace(' ','&nbsp;',$s);
 		$s = purify_html($s);
 		$s = str_replace(['&nbsp;', mb_convert_encoding('&#x00a0;','UTF-8','HTML-ENTITIES')], [ ' ', ' ' ],$s);
-		$s = str_replace(['<br>','<br />'],["\n","\n"],$s);
+		$s = str_replace(['<br>','<br />', '&lt;', '&gt;' ],["\n","\n", '<', '>'],$s);
 		return $s;
 	}
 
-- 
cgit v1.2.3