use safe markdown for comments to prevent xss

author Ian Kelling <ian@iankelling.org>

Wed, 28 Sep 2016 07:30:59 +0000 (00:30 -0700)

committer Ian Kelling <ian@iankelling.org>

Wed, 28 Sep 2016 07:30:59 +0000 (00:30 -0700)
author Ian Kelling <ian@iankelling.org>
Wed, 28 Sep 2016 07:30:59 +0000 (00:30 -0700)
committer Ian Kelling <ian@iankelling.org>
Wed, 28 Sep 2016 07:30:59 +0000 (00:30 -0700)
diff --git a/b.rb b/b.rb

index 432bbc2b384572a85be34cf85d52009b8ef02269..b5e2aa91bb94782a20a18316717492f4d92cc626 100644 (file)
--- a/b.rb
+++ b/b.rb
@@ -126,7 +126,7 @@ EOF
    end
  
    def comment_html(comment, date)
    end
  
    def comment_html(comment, date)
-    inner = Redcarpet::Markdown.new(Redcarpet::Render::HTML, fenced_code_blocks: true).render(<<EOF)
+    inner = Redcarpet::Markdown.new(Redcarpet::Render::Safe, fenced_code_blocks: true).render(<<EOF)
  #{comment}
  <span class="comment-date">#{Time.at(date).strftime("%b %-d '%y")}</span>
  EOF
  #{comment}
  <span class="comment-date">#{Time.at(date).strftime("%b %-d '%y")}</span>
  EOF
author	Ian Kelling <ian@iankelling.org>
	Wed, 28 Sep 2016 07:30:59 +0000 (00:30 -0700)
committer	Ian Kelling <ian@iankelling.org>
	Wed, 28 Sep 2016 07:30:59 +0000 (00:30 -0700)