From: Hypolite Petovan
Date: Thu, 14 Oct 2021 06:11:53 +0000 (-0400)
Subject: [markdown] Escape HTML characters before running Markdown::toBBCode()
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=43b0b5a0e4693704e7b0a14d6f928a2363db9d4c;p=friendica-addons.git
[markdown] Escape HTML characters before running Markdown::toBBCode()
- This prevents HTML tag looking text to be purified in the Markdown to BBCode process
---
diff --git a/markdown/markdown.php b/markdown/markdown.php
index 4f12e713..5e819fb5 100644
--- a/markdown/markdown.php
+++ b/markdown/markdown.php
@@ -56,6 +56,10 @@ function markdown_post_local_start(App $a, &$request) {
 // Escape mentions which username can contain Markdown-like characters
 // See https://github.com/friendica/friendica/issues/9486
 return \Friendica\Util\Strings::performWithEscapedBlocks($body, '/[@!][^@\s]+@[^\s]+\w/', function ($text) {
+ // Markdown accepts literal HTML but we do not in post body, so we need to escape all chevrons
+ // See https://github.com/friendica/friendica/issues/10634
+ $text = \Friendica\Util\Strings::escapeHtml($text);
+
 return Markdown::toBBCode($text);
 });
 }
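Review bot: The added `escapeHtml()` call runs on the raw Markdown source, so the `>` and `<` that Markdown itself relies on (blockquote markers at line start, `<https://…>` autolinks) are presumably entity-encoded before `Markdown::toBBCode()` sees them, and text inside code spans may come out double-encoded. Neither helper's body is visible here, so this needs confirming with a post that contains a quoted line and an inline code sample with angle brackets. The escaping is the control that keeps literal HTML out of the post body, so it deserves a regression test with tag-looking input as well as those Markdown cases. I would also widen the comment to say what is traded away, e.g. `// NOTE: this also encodes the ">" / "<" used by Markdown blockquotes and autolinks - verify they still convert`. `markdown_post_local_start()` starts above the hunk, so how `$body` is obtained is not visible.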