# HG changeset patch
# User Marcin Kuzminski
# Date 2019-02-15 11:53:48
# Node ID 80e2c96afdf706c314cfe782619b285747b1b7be
# Parent 80f2f7a8a978902cdc87b93393e16850ab53555f
security: sanitize plaintext renderer with bleach.
diff --git a/rhodecode/lib/markup_renderer.py b/rhodecode/lib/markup_renderer.py
--- a/rhodecode/lib/markup_renderer.py
+++ b/rhodecode/lib/markup_renderer.py
@@ -357,7 +357,9 @@ class MarkupRenderer(object):
         if leading_newline:
             source += '
' source += rendered_source.replace("\n", '
')
-        return source
+
+        rendered = cls.bleach_clean(source)
+        return rendered
 
     @classmethod
     def markdown(cls, source, safe=True, flavored=True, mentions=False,
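Review bot: The renderer builds `source` by inserting a `<br />` for each newline (the `source +=` lines just above the removed `return`), and `cls.bleach_clean` is applied only afterwards, so unless that helper explicitly allows the `br` tag the sanitizer will escape every `<br />` to literal text and the plaintext output loses its line breaks; `bleach_clean` is not visible in this hunk, so this should be confirmed against its allowed-tag list. Both halves of the contract deserve a test: a newline in the input survives as a `<br />`, while a tag supplied in the input (for example `<script>`) does not come back as markup. The temporary also adds nothing — `return cls.bleach_clean(source)` is equivalent and shorter. The enclosing method starts before this hunk.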