diff --git a/libs/markdown.js b/libs/markdown.js
index 0794c1898..edd0e4bd9 100644
--- a/libs/markdown.js
+++ b/libs/markdown.js
@@ -143,6 +143,22 @@ function sanitize(aHtml) {
 // Sanitize the output from the block level renderers
 blockRenderers.forEach(function (aType) {
 renderer[aType] = function () {
+ var matches = null;
+ var openTagName = null;
+ var closeTagName = null;
+
+ // Begin workaround for #1775
+ if (aType === 'html') {
+ matches = arguments[0].match(/^<([a-z]+)(?![^>]*\/>)[^>]*>$/);
+ if (matches) {
+ openTagName = matches[1];
+ }
+ matches = arguments[0].match(/^<\/([a-z]+)>$/);
+ if (matches) {
+ closeTagName = matches[1];
+ }
+ }
+
 // Sanitize first to close any tags
 var sanitized = sanitize(marked.Renderer.prototype[aType].apply(renderer, arguments));
@@ -198,7 +214,18 @@ blockRenderers.forEach(function (aType) {
 }
 }
- sanitized = hookNode.innerHTML
+ sanitized = hookNode.innerHTML;
+ }
+
+ // End workaround for #1775
+ if (aType === 'html') {
+ if (openTagName) {
+ sanitized = sanitized.replace(/<\/[a-z]+>/, '');
+ }
+
+ if (closeTagName) {
+ sanitized = '';
+ }
 }
 return sanitized;
diff --git a/package.json b/package.json
index 2b280de94..7926ce78f 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
 "js-beautify": "1.14.9",
 "jsdom": "22.1.0",
 "less-middleware": "3.1.0",
- "marked": "4.3.0",
+ "marked": "7.0.5",
 "media-type": "0.3.1",
 "method-override": "3.0.0",
 "mime-db": "1.52.0",
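Review bot: In the first hunk of libs/markdown.js, both tag patterns use `[a-z]+` without the `i` flag, so tag names with digits are handled inconsistently and upper-case tags are not matched at all. For `<h2>` the opening pattern still matches (capturing only `h`), while `</h2>` never matches the closing pattern, and the later `replace(/<\/[a-z]+>/, '')` cannot strip `</h2>` either. I would use `[a-z][a-z0-9]*` with the `i` flag in all three patterns, e.g. `arguments[0].match(/^<\/([a-z][a-z0-9]*)>$/i)`. Both patterns are also anchored with `^` and `$` with no allowance for trailing whitespace, so if marked passes a token ending in a newline (not visible here) the workaround silently does not apply; a comment stating the expected shape of `arguments[0]` would help. The renderer function continues past the end of this hunk.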
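Review bot: In the second hunk of libs/markdown.js, the `html` branch edits the string after `sanitize()` has run, so the renderer no longer returns the balanced markup the sanitizer produced: a lone opening tag comes back with a closer stripped, and every lone closing tag becomes an empty string. `openTagName` and `closeTagName` are locals of a single call and are only tested for truthiness, so nothing visible here pairs a closer with an earlier opener. Whether the unclosed element is re-balanced depends on code outside this hunk; that should be confirmed and recorded, e.g. `// NOTE: returns unbalanced markup on purpose; relies on <later pass, to be named> to close it`. The unanchored `replace(/<\/[a-z]+>/, '')` also removes the first closing tag it finds rather than the trailing one; assuming the sanitizer output ends with the closer it appended, `sanitized = sanitized.replace(/<\/[a-z][a-z0-9]*>\s*$/i, '');` limits the edit to that tag. The enclosing renderer function begins above this hunk.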