From 1d9b3ac2b56ce995f0b434789adf6e5ef13d9d0f Mon Sep 17 00:00:00 2001
From: Junyoung Choi
Date: Sat, 7 Jul 2018 01:22:11 +0900
Subject: [PATCH] Add sanitization for code fence

---
 browser/components/MarkdownPreview.js | 2 +-
 browser/lib/markdown-it-sanitize-html.js | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/browser/components/MarkdownPreview.js b/browser/components/MarkdownPreview.js
index c5abd57a..a5a9e9ee 100755
--- a/browser/components/MarkdownPreview.js
+++ b/browser/components/MarkdownPreview.js
@@ -449,7 +449,7 @@ export default class MarkdownPreview extends React.Component {
 value = value.replace(codeBlock, htmlTextHelper.encodeEntities(codeBlock))
 })
 }
- let renderedHTML = this.markdown.render(value)
+ const renderedHTML = this.markdown.render(value)
 attachmentManagement.migrateAttachments(renderedHTML, storagePath, noteKey)
 this.refs.root.contentWindow.document.body.innerHTML = attachmentManagement.fixLocalURLS(renderedHTML, storagePath)
diff --git a/browser/lib/markdown-it-sanitize-html.js b/browser/lib/markdown-it-sanitize-html.js
index beec9566..6d1a44b6 100644
--- a/browser/lib/markdown-it-sanitize-html.js
+++ b/browser/lib/markdown-it-sanitize-html.js
@@ -10,6 +10,9 @@ module.exports = function sanitizePlugin (md, options) {
 if (state.tokens[tokenIdx].type === 'html_block') {
 state.tokens[tokenIdx].content = sanitizeHtml(state.tokens[tokenIdx].content, options)
 }
+ if (state.tokens[tokenIdx].type === 'fence') {
+ state.tokens[tokenIdx].content = state.tokens[tokenIdx].content.replace(/&/g, '&').replace(//g, '>').replace(/"/g, '"')
+ }
 if (state.tokens[tokenIdx].type === 'inline') {
 const inlineTokens = state.tokens[tokenIdx].children
 for (let childIdx = 0; childIdx < inlineTokens.length; childIdx++) {
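Review bot: The new `fence` branch in markdown-it-sanitize-html.js only escapes anything if its replacement strings are HTML entities, and as the line is displayed here (`.replace(/&/g, '&')`, an empty `//g` regex, `.replace(/"/g, '"')`) it is a no-op that would also insert `>` between every character — this looks like `&amp;`/`&lt;`/`&gt;`/`&quot;` having been entity-decoded by the page, but the committed text should be confirmed before relying on it. Since the plugin already receives `md`, `state.tokens[tokenIdx].content = md.utils.escapeHtml(state.tokens[tokenIdx].content)` covers `&`, `<`, `>` and `"` in the correct order without a hand-written chain that can be mangled or reordered. Note also that markdown-it's stock fence renderer escapes `token.content` itself when `options.highlight` returns nothing, so escaping in a core rule will double-encode (a `<` in a code block shows up as the literal text `&lt;` in the preview) unless this project's fence renderer or highlighter emits the content raw — worth checking against that renderer, and against whether indented `code_block` tokens take the same unescaped path. The surrounding token loop and `sanitizePlugin` itself both start and end outside the hunk.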