diff --git a/zanata-war/src/main/webapp/edit_home_content.xhtml b/zanata-war/src/main/webapp/edit_home_content.xhtml
index 4e3f075de3..14d8baa18f 100644
--- a/zanata-war/src/main/webapp/edit_home_content.xhtml
+++ b/zanata-war/src/main/webapp/edit_home_content.xhtml
@@ -41,8 +41,11 @@
+
diff --git a/zanata-war/src/main/webapp/resources/script/commonmark-preview.js b/zanata-war/src/main/webapp/resources/script/commonmark-preview.js
index b2cb0a1b4b..edc3f20a05 100644
--- a/zanata-war/src/main/webapp/resources/script/commonmark-preview.js
+++ b/zanata-war/src/main/webapp/resources/script/commonmark-preview.js
@@ -4,7 +4,12 @@ $(function() {
var writer = new commonmark.HtmlRenderer();
function mdRender(src) {
- return writer.render(reader.parse(src));
+ // NB Preview disabled due to https://bugzilla.redhat.com/show_bug.cgi?id=1232541
+ // TODO Run the HTML through a sanitiser like Google Caja JsHtmlSanitizer?
+ //var unsafeHtml = writer.render(reader.parse(src));
+ //var safeHtml = sanitizer.sanitize(unsafeHtml);
+ //return safeHtml;
+ return '';
}
var $allEditors = $('.js-commonmark__editor');
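Review bot: The comment at the top of the new mdRender body names a bug number but not the reason, so the next maintainer cannot tell why a function that still takes `src` now ignores it and returns `''`; the commented-out `sanitizer.sanitize(...)` lines also reference a `sanitizer` that nothing in this hunk defines, which makes the dead code easy to "restore" without actually wiring in a sanitiser. I would replace the five comment lines with one that states the risk and the condition for re-enabling: `// Preview disabled (https://bugzilla.redhat.com/show_bug.cgi?id=1232541): the rendered HTML would be inserted unsanitised; do not re-enable until the output is passed through an HTML sanitiser.` The HtmlUtilTest hunk in this same commit exercises a server-side SANITIZER, so the preview could presumably reuse that policy (render server-side) rather than introduce a second, client-side one — worth confirming before settling on Caja. `writer` (and `reader`, declared above the hunk) are now unused; if the preview stays disabled, drop them rather than keep an idle renderer loaded on the page.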
diff --git a/zanata-war/src/test/java/org/zanata/util/HtmlUtilTest.java b/zanata-war/src/test/java/org/zanata/util/HtmlUtilTest.java
index e28ee3ee51..2a7c7f8e12 100644
--- a/zanata-war/src/test/java/org/zanata/util/HtmlUtilTest.java
+++ b/zanata-war/src/test/java/org/zanata/util/HtmlUtilTest.java
@@ -31,6 +31,14 @@
*/
public class HtmlUtilTest {
+ @Test
+ public void sanitiseLinkAddNoFollow() {
+ String input = "Untrusted link: Click here!
";
+ String expected = "Untrusted link: Click here!
";
+ String actual = SANITIZER.sanitize(input);
+ assertThat(actual).isEqualTo(expected);
+ }
+
@Test
public void sanitisePlainText() {
String input = "some text";