From ba9e26bc05384a03e711dc5d443621138070a916 Mon Sep 17 00:00:00 2001
From: Devin Howard
Date: Sun, 9 Oct 2016 10:20:17 +0800
Subject: [PATCH] enable xss filtering and smart quote replacement in markdown

---
 frontend/src/Metamaps/Util.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/frontend/src/Metamaps/Util.js b/frontend/src/Metamaps/Util.js
index f1f8b39c..2e21f4e5 100644
--- a/frontend/src/Metamaps/Util.js
+++ b/frontend/src/Metamaps/Util.js
@@ -123,7 +123,9 @@ const Util = {
 return (url.match(/^https?:\/\/(?:www\.)?youtube.com\/watch\?(?=[^?]*v=\w+)(?:[^\s?]+)?$/) != null)
 },
 mdToHTML: text => {
- return new HtmlRenderer().render(new Parser().parse(text))
+ // use safe: true to filter xss
+ return new HtmlRenderer({ safe: true, smart: true })
+ .render(new Parser().parse(text))
 }
 }
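Review bot: The added comment `// use safe: true to filter xss` overstates the guarantee: if `HtmlRenderer`/`Parser` are commonmark.js (the names suggest so, the imports are not in the hunk), `safe: true` only omits raw HTML blocks/inline HTML and blanks `javascript:`, `vbscript:`, `file:` and non-image `data:` URLs in links and images; it is not a general HTML sanitizer, and it does nothing for any other code path that renders the same markdown (a server-side renderer, if one exists, would need the same setting). I would make the comment state exactly what is relied on, e.g. `// commonmark safe mode: drops raw HTML and javascript:/vbscript:/file:/data: URLs; smart mode rewrites quotes, dashes and ellipses`, so a later maintainer does not treat `mdToHTML` output as sanitized arbitrary HTML. Note also that `smart: true` changes rendered text (typographic quotes/dashes), which matters if anything compares rendered output with the stored source; that is not visible here. `mdToHTML` is a property of the `const Util = {` object whose start and end lie outside the hunk.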