From 842a5c8cf5cb6526dc880fd8bc5fedd2ecfc544c Mon Sep 17 00:00:00 2001
From: Ian Kelling <ian@iankelling.org>
Date: Wed, 28 Sep 2016 00:30:59 -0700
Subject: [PATCH] use safe markdown for comments to prevent xss

---
 b.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/b.rb b/b.rb
index 432bbc2..b5e2aa9 100644
--- a/b.rb
+++ b/b.rb
@@ -126,7 +126,7 @@ EOF
   end
 
   def comment_html(comment, date)
-    inner = Redcarpet::Markdown.new(Redcarpet::Render::HTML, fenced_code_blocks: true).render(<<EOF)
+    inner = Redcarpet::Markdown.new(Redcarpet::Render::Safe, fenced_code_blocks: true).render(<<EOF)
 #{comment}
 <span class="comment-date">#{Time.at(date).strftime("%b %-d '%y")}</span>
 EOF
-- 
2.30.2