From 9731bd4731729c29c2a7be208275131b4e69940e Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 21 May 2015 21:16:59 -0400
Subject: [PATCH] Merged #246 "Option to extract user metadata from container HTTP session"

---
 src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java b/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
index fbce789..ade92c0 100644
--- a/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
+++ b/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
@@ -37,7 +37,6 @@
 
 	public MarkdownTextArea(String id, final IModel<String> previewModel, final Label previewLabel) {
 		super(id);
-		this.repositoryName = repositoryName;
 		setModel(new PropertyModel(this, "text"));
 		add(new AjaxFormComponentUpdatingBehavior("onblur") {
 			private static final long serialVersionUID = 1L;
@@ -71,7 +70,8 @@
 			return;
 		}
 		String html = MarkdownUtils.transformGFM(GitBlitWebApp.get().settings(), text, repositoryName);
-		previewModel.setObject(html);
+		String safeHtml = GitBlitWebApp.get().xssFilter().relaxed(html);
+		previewModel.setObject(safeHtml);
 	}
 
 	public String getText() {

--
Gitblit v1.9.1