From 124fd6e639b0bc43f3714134d6dead77895fd490 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gmail.com>
Date: Tue, 30 Jun 2015 08:53:06 -0400
Subject: [PATCH] Merge pull request #282 from mrjoel/mrjoel-fixhttpurlperms

---
 src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java b/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
index f26f7fb..ade92c0 100644
--- a/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
+++ b/src/main/java/com/gitblit/wicket/panels/MarkdownTextArea.java
@@ -70,7 +70,8 @@
 			return;
 		}
 		String html = MarkdownUtils.transformGFM(GitBlitWebApp.get().settings(), text, repositoryName);
-		previewModel.setObject(html);
+		String safeHtml = GitBlitWebApp.get().xssFilter().relaxed(html);
+		previewModel.setObject(safeHtml);
 	}
 
 	public String getText() {

--
Gitblit v1.9.1