Permalink
Browse files

Render Markdown unescaped to avoid double-escaping of backslashes.

This may introduce XSS issues. Please review :)
  • Loading branch information...
janl committed Aug 9, 2010
1 parent b5acfdd commit d4cbb9d69d9cc7bc49a8ec81794087ffec9d29e3
Showing with 1 addition and 1 deletion.
  1. +1 −1 evently/wiki/edit/mustache.html
@@ -5,7 +5,7 @@
<p><label>Title: <input type="text" name="title" value="{{title}}"></label></p>
<input type="hidden" name="_rev" value="{{_rev}}">
<input type="hidden" name="_id" value="{{_id}}">
- <textarea name="markdown" rows="30" cols="70">{{markdown}}</textarea>
+ <textarea name="markdown" rows="30" cols="70">{{{markdown}}}</textarea>
<p><label>Optional description: <input size="60" type="text" name="note" value="{{note}}"></label>
<input type="submit" value="Save Changes">
</p>

0 comments on commit d4cbb9d

Please sign in to comment.