[IM] Prevent XSS / JS interpretation in preview boxes [ref: 555-9-9]
barryo committed Oct 21, 2022
1 parent 2889be9 commit 083d17e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion app/Http/Controllers/Api/V4/UtilsController.php
Expand Up @@ -54,7 +54,7 @@ public function markdown( Request $r ): JsonResponse
{
$pd = new Parsedown();
return response()->json([
'html' => $pd->text( $r->text )
'html' => htmlspecialchars( $pd->text( $r->text ) )
]);
}
}
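
Review bot: on the changed `'html' =>` line, `htmlspecialchars()` wraps the output of `$pd->text()`, so the tags Parsedown generates for the markdown itself are entity-encoded together with any injected markup, and the `html` field no longer carries renderable HTML. If the preview box is meant to show rendered markdown, do the escaping inside the renderer instead: call `$pd->setSafeMode( true );` before `$pd->text( $r->text )` and return that value unwrapped, which escapes raw HTML in the input and drops unsafe link schemes while keeping Parsedown's own tags. If fully escaped output is what is wanted here, a one-line comment saying so would stop a later consumer from decoding the field back into markup, and a test posting a `<script>` payload to this endpoint would pin the behaviour either way.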
