From 233dbf72df45d3b713fda0b8bf28c94c504defa5 Mon Sep 17 00:00:00 2001 From: Ben Alpert Date: Mon, 13 Apr 2015 15:53:27 -0700 Subject: [PATCH] Use marked instead of Showdown and escape HTML See facebook/react#3663. --- public/index.html | 2 +- public/scripts/example.js | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/public/index.html b/public/index.html index 0c3a3387..c6220169 100644 --- a/public/index.html +++ b/public/index.html @@ -7,7 +7,7 @@ - +

diff --git a/public/scripts/example.js b/public/scripts/example.js index 4fa306b8..c547e038 100644 --- a/public/scripts/example.js +++ b/public/scripts/example.js @@ -10,11 +10,9 @@ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -var converter = new Showdown.converter(); - var Comment = React.createClass({ render: function() { - var rawMarkup = converter.makeHtml(this.props.children.toString()); + var rawMarkup = marked(this.props.children.toString(), {sanitize: true}); return (