Commit 421edd35 authored by Robert Speicher's avatar Robert Speicher

Escape normal text in our Redcarpet renderer

parent 588267b5
class Redcarpet::Render::GitlabHTML < Redcarpet::Render::HTML require 'active_support/core_ext/string/output_safety'
class Redcarpet::Render::GitlabHTML < Redcarpet::Render::HTML
attr_reader :template attr_reader :template
alias_method :h, :template alias_method :h, :template
...@@ -21,6 +22,7 @@ class Redcarpet::Render::GitlabHTML < Redcarpet::Render::HTML ...@@ -21,6 +22,7 @@ class Redcarpet::Render::GitlabHTML < Redcarpet::Render::HTML
def normal_text(text) def normal_text(text)
return text unless text.present? return text unless text.present?
text = ERB::Util.html_escape_once(text)
text.gsub("'", "&rsquo;") text.gsub("'", "&rsquo;")
end end
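Review bot: In `normal_text`, the `gsub("'", "&rsquo;")` on the following line probably never matches once `ERB::Util.html_escape_once` has run. In the ActiveSupport versions I know of, that helper also rewrites `'` to a numeric entity, though this is worth confirming against the version the project pins. If so, the typographic apostrophe replacement is silently lost. Doing the substitution first keeps both behaviours, since `html_escape_once` leaves an existing entity such as `&rsquo;` alone: `ERB::Util.html_escape_once(text.gsub("'", "&rsquo;"))`. A short comment such as `# Escape raw text so literal <, > and " cannot reach the output as markup` and a spec covering text that contains `<`, `&amp;` and `'` would pin down the escaping this renderer now relies on.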
......