From a5e043f0e3396e2b0d2bc5ad153c907a8a3ad0cd Mon Sep 17 00:00:00 2001
From: Damien Regad
Date: Thu, 29 Mar 2018 14:49:58 +0200
Subject: [PATCH] Enable Parsedown Safe Mode for XSS protection

Fixes #24186
---
 plugins/MantisCoreFormatting/core/MantisMarkdown.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/plugins/MantisCoreFormatting/core/MantisMarkdown.php b/plugins/MantisCoreFormatting/core/MantisMarkdown.php
index 18958bb323..e937eddac9 100644
--- a/plugins/MantisCoreFormatting/core/MantisMarkdown.php
+++ b/plugins/MantisCoreFormatting/core/MantisMarkdown.php
@@ -66,6 +66,9 @@ public function __construct() {
 
 		# set the table class
 		$this->table_class = 'table table-nonfluid';
+
+		# XSS protection
+		$this->setSafeMode( true );
 	}
 
 	/**
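Review bot: `setSafeMode()` only exists from Parsedown 1.7.0 onward, and this patch touches nothing but `MantisMarkdown.php`, so the call added after `$this->table_class = ...` depends on the bundled Parsedown already being at least that version; on an older copy the constructor would fail with an undefined-method error. Safe mode also covers only the markup Parsedown renders itself, so any block or inline handler this subclass overrides (the custom table class suggests there are some, outside this hunk) still has to escape its own output and attributes. The comment would be more useful to the next maintainer if it said what the setting does and that it must stay on, e.g. `# Safe mode: escape raw HTML and reject unsafe link schemes in user-supplied markdown (XSS) - do not disable`. A regression test that renders a note containing raw markup and an unsafe link scheme would keep this from being undone silently; the constructor body begins outside the hunk.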