Sanitize Markdown HTML output everywhere

author: Raphael Kabo <raphaelkabo@hey.com> 2023-10-09 11:05:39 +0100
committer: Raphael Kabo <raphaelkabo@hey.com> 2023-10-09 11:05:39 +0100
commit: 31022a7d323a351041b7b8508fb56c14fd699580 (patch)
tree: 693f324550dccedd50b6313165b88281a8ebcac8 /src/routes/event.ts
parent: 6af99ef4c0c3a28a29bad9f4c66e41d0365234cc (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/routes/event.ts b/src/routes/event.ts
index 2245009..cfd877e 100644
--- a/src/routes/event.ts
+++ b/src/routes/event.ts
@@ -2,7 +2,6 @@ import { Router, Response, Request } from "express";
 import multer from "multer";
 import Jimp from "jimp";
 import moment from "moment-timezone";
-import { marked } from "marked";
 import {
     generateEditToken,
     generateEventID,
@@ -26,6 +25,7 @@ import getConfig from "../lib/config.js";
 import { sendEmailFromTemplate } from "../lib/email.js";
 import crypto from "crypto";
 import ical from "ical";
+import { markdownToSanitizedHTML } from "../util/markdown.js";
 
 const config = getConfig();
 
@@ -148,7 +148,7 @@ router.post(
                 eventID,
                 config.general.domain,
                 publicKey,
-                marked.parse(eventData.eventDescription),
+                markdownToSanitizedHTML(eventData.eventDescription),
                 eventData.eventName,
                 eventData.eventLocation,
                 eventImageFilename,
author	Raphael Kabo <raphaelkabo@hey.com>	2023-10-09 11:05:39 +0100
committer	Raphael Kabo <raphaelkabo@hey.com>	2023-10-09 11:05:39 +0100
commit	31022a7d323a351041b7b8508fb56c14fd699580 (patch)
tree	693f324550dccedd50b6313165b88281a8ebcac8 /src/routes/event.ts
parent	6af99ef4c0c3a28a29bad9f4c66e41d0365234cc (diff)