From 3286926d2ec11445f76cd170e4c2fcff597a0754 Mon Sep 17 00:00:00 2001
From: Fabrice Bacchella <fbacchella@spamcop.net>
Date: Tue, 26 May 2015 04:48:40 -0400
Subject: [PATCH] Two slight improvement for custom UserService: - try userRealm as a file only if class is not found, other exeptions are real error - log userService only after setup, for better logging, as it can use gitblit.properties for custom .toString

---
 src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java b/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
index f26f7fb..ade92c0 100644
--- a/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
+++ b/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
@@ -70,7 +70,8 @@
 			return;
 		}
 		String html = MarkdownUtils.transformGFM(GitBlitWebApp.get().settings(), text, repositoryName);
-		previewModel.setObject(html);
+		String safeHtml = GitBlitWebApp.get().xssFilter().relaxed(html);
+		previewModel.setObject(safeHtml);
 	}
 
 	public String getText() {

--
Gitblit v1.9.1