From ec4661fe44540dffe9067750db9793dc8891d80f Mon Sep 17 00:00:00 2001
From: SphericalKat <amolele@gmail.com>
Date: Fri, 8 Oct 2021 02:19:58 +0530
Subject: [PATCH] fix(pastes): add stricter sanitization for markdown content

Signed-off-by: SphericalKat <amolele@gmail.com>
---
 lib/ketbin_web/templates/page/show.html.heex | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/ketbin_web/templates/page/show.html.heex b/lib/ketbin_web/templates/page/show.html.heex
index 2022e51..d08decc 100644
--- a/lib/ketbin_web/templates/page/show.html.heex
+++ b/lib/ketbin_web/templates/page/show.html.heex
@@ -9,8 +9,8 @@
 		<% end %>
 	</div>
 	<%= if @extension == "md" do%>
-		<div class="break-word px-6 py-4 h-full w-full markdown overflow-y-auto"><%= raw Earmark.as_html!(@paste.content, escape: true, gfm_tables: true) |> HtmlSanitizeEx.html5 %></div>
+		<div class="break-word px-6 py-4 h-full w-full markdown overflow-y-auto"><%= raw Earmark.as_html!(@paste.content, escape: true, gfm_tables: true) |> HtmlSanitizeEx.markdown_html %></div>
 	<% else %>
-		<code class="break-word px-6 py-4 h-full w-full overflow-y-auto"><%= raw Ketbin.Utils.Syntax.highlight_text(@paste.content, @extension) |> HtmlSanitizeEx.html5 %></code>
+		<code class="break-word px-6 py-4 h-full w-full overflow-y-auto"><%= raw Ketbin.Utils.Syntax.highlight_text(@paste.content, @extension) |> HtmlSanitizeEx.strip_tags %></code>
 	<% end %>
 </div>