[markdown] Limit HTML escaping to left chevrons

- Right chevrons are used for quotation in Markdown

diff --git a/markdown/markdown.php b/markdown/markdown.php
index 5e819fb57a6a507bc8b8ab5bba5ee1ffc66ad518..fe533147a7e8303576dfb613d2ac62990a833861 100644 (file)
--- a/markdown/markdown.php
+++ b/markdown/markdown.php
@@ -56,9 +56,10 @@ function markdown_post_local_start(App $a, &$request) {
                        // Escape mentions which username can contain Markdown-like characters
                        // See https://github.com/friendica/friendica/issues/9486
                        return \Friendica\Util\Strings::performWithEscapedBlocks($body, '/[@!][^@\s]+@[^\s]+\w/', function ($text) {
-                               // Markdown accepts literal HTML but we do not in post body, so we need to escape all chevrons
+                               // Markdown accepts literal HTML but we do not in post body, so we need to escape left chevrons
+                               // (right chevrons are used for quoting in Markdown)
                                // See https://github.com/friendica/friendica/issues/10634
-                               $text = \Friendica\Util\Strings::escapeHtml($text);
+                               $text = strtr($text, ['<' => '&lt;']);
 
                                return Markdown::toBBCode($text);
                        });