From cdafaed1afe32b2c018a28ec5a675cb6a6a22f01 Mon Sep 17 00:00:00 2001
From: dklawren
Date: Mon, 10 Feb 2020 23:14:56 -0500
Subject: [PATCH] Bug 1611281 - Double-escaping of '<' in code areas

---
 Bugzilla/Markdown.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Bugzilla/Markdown.pm b/Bugzilla/Markdown.pm
index 7842ae0f4..fdcd91e9a 100644
--- a/Bugzilla/Markdown.pm
+++ b/Bugzilla/Markdown.pm
@@ -65,13 +65,17 @@ sub render_html {
 return $html;
 }
- $markdown =~ s{<(?!https?://)}{<}gs;
+ # Replace < with \x{FFFD} (special unicode replacement character),
+ # and remove \x{FFFD} later.
+ $markdown =~ tr/\x{FFFD}//d;
+ $markdown =~ s{<(?!https?://)}{\x{FFFD}}gs;
 my @valid_text_parent_tags = ('h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'li', 'td');
 my @bad_tags = qw( img );
 my $bugzilla_shorthand = $self->bugzilla_shorthand;
 my $html = decode('UTF-8', $parser->render_html($markdown));
+ $html =~ s/\x{FFFD}/</g;
 my $dom = Mojo::DOM->new($html);
 $dom->find(join(', ', @bad_tags))->map('remove');
-- 
2.47.3
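Review bot: The restore step `$html =~ s/\x{FFFD}/</g;` treats every U+FFFD in the rendered output as the sentinel, but stripping the character from `$markdown` with `tr` does not guarantee that. A Markdown renderer can emit U+FFFD itself (CommonMark implementations substitute it for invalid code points and decode character references), so user-controlled input may still reach this substitution. That is harmless only if the replacement is the escaped entity; on this page it appears as a bare `<`, which may be an extraction artifact, so confirm the line reads `$html =~ s/\x{FFFD}/&lt;/g;` and that nothing un-escapes the result before `Mojo::DOM->new($html)`. A comment such as `# U+FFFD may also come from the renderer; it must only ever map to the escaped entity, never to a raw '<'` would record the invariant, and a regression test with input containing U+FFFD directly and via a character reference would pin it. render_html begins and ends outside this hunk, so the later sanitising steps are not visible here.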