From 61865af823fe31f477eac413e9cc7cb6390241c3 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 17 Sep 2014 13:59:09 -0400
Subject: [PATCH] Merge branch 'ticket/181' into develop

---
 src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java b/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
index 6e06e5b..ade92c0 100644
--- a/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
+++ b/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
@@ -20,12 +20,12 @@
 import org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior;
 import org.apache.wicket.markup.html.basic.Label;
 import org.apache.wicket.markup.html.form.TextArea;
+import org.apache.wicket.model.IModel;
 import org.apache.wicket.model.PropertyModel;
 import org.apache.wicket.util.time.Duration;
 
 import com.gitblit.utils.MarkdownUtils;
 import com.gitblit.wicket.GitBlitWebApp;
-import com.gitblit.wicket.SafeTextModel;
 
 public class MarkdownTextArea extends TextArea {
 
@@ -35,7 +35,7 @@
 
 	protected String text = "";
 
-	public MarkdownTextArea(String id, final SafeTextModel previewModel, final Label previewLabel) {
+	public MarkdownTextArea(String id, final IModel<String> previewModel, final Label previewLabel) {
 		super(id);
 		setModel(new PropertyModel(this, "text"));
 		add(new AjaxFormComponentUpdatingBehavior("onblur") {
@@ -65,12 +65,13 @@
 		setOutputMarkupId(true);
 	}
 
-	protected void renderPreview(SafeTextModel previewModel) {
+	protected void renderPreview(IModel<String> previewModel) {
 		if (text == null) {
 			return;
 		}
 		String html = MarkdownUtils.transformGFM(GitBlitWebApp.get().settings(), text, repositoryName);
-		previewModel.setObject(html);
+		String safeHtml = GitBlitWebApp.get().xssFilter().relaxed(html);
+		previewModel.setObject(safeHtml);
 	}
 
 	public String getText() {
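Review bot: The `xssFilter().relaxed(html)` call in `renderPreview` is now the only place the preview HTML is sanitised, and nothing in the signature or a comment records that. With the parameter widened from `SafeTextModel` to `IModel<String>` here and in the constructor hunk above, the type no longer signals that the model holds filtered markup. Because the method is `protected`, a subclass override could pass the raw `transformGFM` result to `setObject`. I would add a Javadoc such as `/** Renders text as GFM and stores the XSS-filtered HTML in previewModel; overriders must keep the filter. */` and make the method `final` or `private` if no subclass needs to override it. The preview label presumably renders its model unescaped, which is not visible in this hunk and is worth confirming alongside the change.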

--
Gitblit v1.9.1