From 4dc03a53394a3d9db6af513358b8b7343fcf816b Mon Sep 17 00:00:00 2001
From: Ricter Zheng
Date: Sun, 21 Dec 2014 12:25:51 +0800
Subject: [PATCH] Simple fix the xss of markdown #9
---
 lib/markdown_deux/__init__.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/markdown_deux/__init__.py b/lib/markdown_deux/__init__.py
index b56b227..461f6e4 100644
--- a/lib/markdown_deux/__init__.py
+++ b/lib/markdown_deux/__init__.py
@@ -16,7 +16,9 @@ def markdown(text, style="default"):
 if not text:
 return ""
+ import re
 import markdown2
+ text = re.sub(r'\[(.*?)\]\(javascript:(.*?)\)', r'\[\1\]\(javascript:\2\)', text)
 return markdown2.markdown(text, **get_style(style))
 def get_style(style):
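Review bot: The `re.sub` added to `markdown()` is a deny-list for one spelling of one link form, so it should not be relied on as closing the XSS. The pattern is case-sensitive, requires the scheme literal to follow `(` directly, and only covers inline `[text](url)` links; reference-style links, autolinks, other script-capable schemes and any raw HTML the selected style lets through are not touched. At minimum pass `flags=re.IGNORECASE | re.DOTALL` and add a comment such as `# Defang javascript: inline links before rendering; NOT a complete sanitizer`. A more durable fix is to check link targets in the rendered HTML against an allow-list of schemes (http, https, mailto), with regression tests for each link syntax. The body of `get_style()` continues outside the hunk.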