X-Git-Url: http://git.bytex64.net/?a=blobdiff_plain;f=www%2Fjssrc%2Fblerg%2FUtil.js;fp=www%2Fjssrc%2Fblerg%2FUtil.js;h=6e99f46a5b2c0104f4143dbd72a4a0da8724fb4f;hb=94a065048d8029cb407f61443761ad18fad6fa02;hp=8706f8140c78ef44ed23b41dad2db647597ab95b;hpb=1552dfc051b6bffa7bb841d5e21caf3dca598ff9;p=blerg.git

diff --git a/www/jssrc/blerg/Util.js b/www/jssrc/blerg/Util.js
index 8706f81..6e99f46 100644
--- a/www/jssrc/blerg/Util.js
+++ b/www/jssrc/blerg/Util.js
@@ -77,6 +77,8 @@ blerg.Util.blergFormat = function(text) {
                 out.push('<p>');
                 githubCodeMode = false;
             } else {
+                // Sanitize HTML input
+                l = l.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
                 out.push(l + "\n");
             }
             return;
@@ -94,6 +96,8 @@ blerg.Util.blergFormat = function(text) {
                 out.push('<pre>');
                 codeMode = true;
             }
+            // Sanitize HTML input
+            l = l.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
             out.push(l.substr(4) + "\n");
             return;
         } else {