Fix sanitization of smileys like <_< and <3.

2014-01-26 18:38:47 +05:30 · 2014-01-26 18:38:47 +05:30 · fad88c6cf3
commit fad88c6cf3
parent c930fe41b2
2 changed files with 3 additions and 0 deletions
--- a/app/assets/javascripts/discourse/lib/markdown.js
+++ b/app/assets/javascripts/discourse/lib/markdown.js
@ -154,6 +154,7 @@ Discourse.Markdown = {
  **/
  sanitize: function(text) {
    if (!window.html_sanitize) return "";
+    text = text.replace(/<([^A-Za-z\/]|$)/g, "&lt;$1");
    return window.html_sanitize(text, Discourse.Markdown.urlAllowed, Discourse.Markdown.nameIdClassAllowed);
  },