From d4ae63cb5939fde8188faad39c2237329ccf6978 Mon Sep 17 00:00:00 2001
From: alsotang <alsotang@gmail.com>
Date: Sun, 21 Sep 2014 20:53:25 +0800
Subject: [PATCH] fix xss

---
 common/render_helpers.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/common/render_helpers.js b/common/render_helpers.js
index 5d6af4b..4530431 100644
--- a/common/render_helpers.js
+++ b/common/render_helpers.js
@@ -13,14 +13,16 @@
 var marked = require('marked');
 var _ = require('lodash');
 var config = require('../config');
+var validator = require('validator');
 
 // Set default options
 var renderer = new marked.Renderer();
 
 renderer.code = function (code, lang) {
-  var language = lang && (' language-' + lang) || '';
-  return '<pre class="prettyprint' + language + '">'
-    + '<code>' + code.replace(/</g, '&lt;').replace(/>/g, '&gt;') + '</code>'
+  var language = lang && ('language-' + lang) || '';
+  language = validator.escape(language);
+  return '<pre class="prettyprint ' + language + '">'
+    + '<code>' + validator.escape(code) + '</code>'
     + '</pre>';
 };