From 2fdefced2aeecc7c12f3de50f89c1590a6a088fc Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gmail.com>
Date: Tue, 24 Mar 2015 17:03:16 -0400
Subject: [PATCH] Merge pull request #250 from StephenKing/doc-rpc

---
 src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java b/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
index f26f7fb..ade92c0 100644
--- a/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
+++ b/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
@@ -70,7 +70,8 @@
 			return;
 		}
 		String html = MarkdownUtils.transformGFM(GitBlitWebApp.get().settings(), text, repositoryName);
-		previewModel.setObject(html);
+		String safeHtml = GitBlitWebApp.get().xssFilter().relaxed(html);
+		previewModel.setObject(safeHtml);
 	}
 
 	public String getText() {

--
Gitblit v1.9.1