Enable Parsedown Safe Mode for XSS protection

Fixes #24186
mantisbt · Mar 30, 2018 · a5e043f · a5e043f
1 parent 518d752
commit a5e043f
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/plugins/MantisCoreFormatting/core/MantisMarkdown.php b/plugins/MantisCoreFormatting/core/MantisMarkdown.php
@@ -66,6 +66,9 @@ public function __construct() {
 
 		# set the table class
 		$this->table_class = 'table table-nonfluid';
+
+		# XSS protection
+		$this->setSafeMode( true );
 	}
 
 	/**