From: dklawren
Date: Tue, 11 Feb 2020 04:14:56 +0000 (-0500)
Subject: Bug 1611281 - Double-escaping of '<' in code areas
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cdafaed1afe32b2c018a28ec5a675cb6a6a22f01;p=thirdparty%2Fbugzilla.git
Bug 1611281 - Double-escaping of '<' in code areas
---
diff --git a/Bugzilla/Markdown.pm b/Bugzilla/Markdown.pm
index 7842ae0f4..fdcd91e9a 100644
--- a/Bugzilla/Markdown.pm
+++ b/Bugzilla/Markdown.pm
@@ -65,13 +65,17 @@ sub render_html {
 return $html;
 }
- $markdown =~ s{<(?!https?://)}{<}gs;
+ # Replace < with \x{FFFD} (special unicode replacement character),
+ # and remove \x{FFFD} later.
+ $markdown =~ tr/\x{FFFD}//d;
+ $markdown =~ s{<(?!https?://)}{\x{FFFD}}gs;
 my @valid_text_parent_tags = ('h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'li', 'td');
 my @bad_tags = qw( img );
 my $bugzilla_shorthand = $self->bugzilla_shorthand;
 my $html = decode('UTF-8', $parser->render_html($markdown));
+ $html =~ s/\x{FFFD}/</g;
 my $dom = Mojo::DOM->new($html);
 $dom->find(join(', ', @bad_tags))->map('remove');
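Review bot: The restore step `$html =~ s/\x{FFFD}/</g;` rewrites every U+FFFD in the rendered HTML, not only the ones the earlier substitution inserted, so the `tr/\x{FFFD}//d` strip is the only thing keeping the placeholder unique, and it runs before the parser. If `$parser` follows CommonMark it can emit U+FFFD on its own (the spec substitutes it for NUL and for invalid numeric character references), so the restore must always emit the escaped entity. As displayed the replacement is a bare `<`, which may only be this page decoding `&lt;` (the removed line reads as a no-op for the same reason), but the source should be confirmed to read `$html =~ s/\x{FFFD}/&lt;/g;`. I would also put a comment above the `tr` line, for example `# U+FFFD is stripped from user input so it can act as a private placeholder for '<'; the restore below must emit &lt;, never a raw '<'`. `render_html` begins and ends outside this hunk, so whether `$markdown` is already a decoded character string here (needed for `\x{FFFD}` to match in `tr` and `s`) cannot be checked from these lines.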