gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2024-11-26 15:32:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

run comment through htmlspecialchars() if markdown parsing is enabled

Browse Source
This commit is contained in:
Uwe Steinmann 2023-04-22 19:41:41 +02:00
parent 511492fb5c
commit 28174e3a33
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
views/bootstrap/class.ViewDocument.php
View File

@ -421,7 +421,7 @@ $(document).ready( function() {
if($document->getComment()) {
if($settings->_markdownComments) {
$Parsedown = new Parsedown();
$comment = $Parsedown->text($document->getComment());
$comment = $Parsedown->text(htmlspecialchars($document->getComment()));
} else {
$comment = htmlspecialchars($document->getComment());
}
@ -773,7 +773,7 @@ $(document).ready( function() {
if($latestContent->getComment())
if($settings->_markdownComments) {
$Parsedown = new Parsedown();
$comment = $Parsedown->text($latestContent->getComment());
$comment = $Parsedown->text(htmlspecialchars($latestContent->getComment()));
print "<div class=\"content-comment\">".$comment."</div>";
} else {
$comment = htmlspecialchars($latestContent->getComment());