From 5af79e405defa34ea82c9659f945571d3e2f55af Mon Sep 17 00:00:00 2001
From: Devin Howard
Date: Wed, 25 Jan 2017 16:29:53 -0500
Subject: [PATCH] disallow images in topic card markdown
---
 frontend/src/Metamaps/Util.js | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/frontend/src/Metamaps/Util.js b/frontend/src/Metamaps/Util.js
index c0c3d7ce..5bfe9303 100644
--- a/frontend/src/Metamaps/Util.js
+++ b/frontend/src/Metamaps/Util.js
@@ -1,6 +1,6 @@
 /* global $ */
-import { Parser, HtmlRenderer } from 'commonmark'
+import { Parser, HtmlRenderer, Node } from 'commonmark'
 import { emojiIndex } from 'emoji-mart'
 import { escapeRegExp } from 'lodash'
@@ -135,9 +135,27 @@ const Util = {
 },
 mdToHTML: text => {
 const safeText = text || ''
+ const parsed = new Parser().parse(safeText)
+
+ // remove images to avoid http content in https context
+ const walker = parsed.walker()
+ let event
+ while (event = walker.next()) {
+ const node = event.node
+ if (node.type === 'image') {
+ const imageAlt = node.firstChild.literal
+ const imageSrc = node.destination
+ const textNode = new Node('text', node.sourcepos)
+ textNode.literal = `![${imageAlt}](${imageSrc})`
+
+ node.insertBefore(textNode)
+ node.unlink() // remove the image, replacing it with markdown
+ walker.resumeAt(textNode, false)
+ }
+ }
+
+ // use safe: true to filter xss
- return new HtmlRenderer({ safe: true })
- .render(new Parser().parse(safeText))
+ return new HtmlRenderer({ safe: true }).render(parsed)
 },
 logCanvasAttributes: function(canvas) {
 const fakeMgraph = { canvas }
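Review bot: In the `@@ -135,9 +135,27 @@` hunk, `const imageAlt = node.firstChild.literal` dereferences `firstChild` without checking it, and an image written with empty alt text (`![](url)`) appears to have no child node in commonmark, so `mdToHTML` would throw on that input instead of rendering. The text comes from user-edited topic cards, so one such image could break rendering of that card for every viewer; an alt that starts with emphasis would likewise put a non-text node first, whose `literal` is probably null and would be printed as `![null](…)`. A guard such as `const imageAlt = (node.firstChild && node.firstChild.literal) || ''` keeps the replacement total. It would also help to extend the comment to `// remove images: avoids http content in an https context and stops cards from triggering remote loads on view`, if that second effect is intended.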