From 972b3450cfb363be08631a67cbf7807fe70fc2a6 Mon Sep 17 00:00:00 2001
From: 8chan
Date: Sun, 29 Mar 2015 15:32:14 -0700
Subject: [PATCH] Run Purifier on Markdown's output, stop XSS bug

---
 inc/mod/pages.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 1a488509..20a0de71 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -3407,7 +3407,7 @@ function mod_edit_page($id) {
 switch ($method) {
 case 'markdown':
- $write = markdown($content);
+ $write = purify_html(markdown($content));
 break;
 case 'html':
 if (hasPermission($config['mod']['rawhtml'])) {
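Review bot: The new `purify_html(markdown($content))` call in the `'markdown'` case has no comment explaining why the sanitizer runs on the rendered output rather than on the submitted text, and that ordering is the whole fix. I would add `// markdown() presumably passes inline HTML through, so sanitize the rendered output, not the source` above it. The change also only covers pages saved from now on. If `$write` is persisted (the name suggests so, but the write is outside the hunk), pages rendered before this commit keep their unsanitized markup until they are re-saved, so a one-off re-render of existing Markdown pages would be worth doing. The `'html'` case and the rest of `mod_edit_page` continue outside the hunk, so it cannot be checked from here whether content submitted without the `rawhtml` permission also goes through `purify_html`.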