Merge branch 'main' into 1078-language-select-disable-warning

diff --git a/src/server/index.tsx b/src/server/index.tsx
index f96901b980b07cd5c2f614edcf52a84257ae16bb..1fab13d15a23c199420d0169d04ae0a73df6f287 100644 (file)
--- a/src/server/index.tsx
+++ b/src/server/index.tsx
@@ -9,6 +9,7 @@ import IsomorphicCookie from "isomorphic-cookie";
 import { GetSite, GetSiteResponse, LemmyHttp, Site } from "lemmy-js-client";
 import path from "path";
 import process from "process";
+import sanitize from "sanitize-html";
 import serialize from "serialize-javascript";
 import sharp from "sharp";
 import { App } from "../shared/components/app/app";
@@ -25,7 +26,6 @@ import {
   favIconUrl,
   initializeSite,
   isAuthPath,
-  md,
 } from "../shared/utils";
 
 const server = express();
@@ -348,9 +348,7 @@ async function createSsrHtml(root: string, isoData: IsoDataOptionalSite) {
   <!DOCTYPE html>
   <html ${helmet.htmlAttributes.toString()} lang="en">
   <head>
-  <script>window.isoData = ${md.utils.escapeHtml(
-    JSON.stringify(isoData)
-  )}</script>
+  <script>window.isoData = ${sanitize(JSON.stringify(isoData))}</script>
   <script>window.lemmyConfig = ${serialize(config)}</script>
 
   <!-- A remote debugging utility for mobile -->

diff --git a/src/shared/utils.ts b/src/shared/utils.ts
index 504bfcb6fb437924ccdf0abaaf8b4ec633debae3..f98fa5633176907b50750730bb3c9ba09f90a8db 100644 (file)
--- a/src/shared/utils.ts
+++ b/src/shared/utils.ts
@@ -206,11 +206,13 @@ export function hotRank(score: number, timeStr: string): number {
 }
 
 export function mdToHtml(text: string) {
-  return { __html: md.render(text) };
+  // restore '>' character to fix quotes
+  return { __html: md.render(text.split(">").join(">")) };
 }
 
 export function mdToHtmlNoImages(text: string) {
-  return { __html: mdNoImages.render(text) };
+  // restore '>' character to fix quotes
+  return { __html: mdNoImages.render(text.split(">").join(">")) };
 }
 
 export function mdToHtmlInline(text: string) {