Merge pull request #2410 from /issues/2408

Fixes #2408 - Allow additional safe HTML tags in sanitized markdown

Author: Mike Taylor

.eslintrc

@@ -25,6 +25,7 @@
     "md": true,
     "module": true,
     "moment": true,
+    "MarkdownSanitizerMixin": true,
     "Mousetrap": true,
     "PaginationMixin": true,
     "Prism": true,

grunt-tasks/concat.js

@@ -37,6 +37,7 @@ module.exports = function(grunt) {
     },
     issues: {
       src: [
+        "<%= jsPath %>/lib/mixins/extend-md-sanitizer.js",
         "<%= jsPath %>/lib/models/label-list.js",
         "<%= jsPath %>/lib/editor.js",
         "<%= jsPath %>/lib/labels.js",
@@ -54,6 +55,7 @@ module.exports = function(grunt) {
         "<%= jsPath %>/lib/models/label-list.js",
         "<%= jsPath %>/lib/models/issue.js",
         "<%= jsPath %>/lib/mixins/pagination.js",
+        "<%= jsPath %>/lib/mixins/extend-md-sanitizer.js",
         "<%= jsPath %>/lib/issue-list.js"
       ],
       dest: "<%= jsDistPath %>/issue-list.js"

webcompat/static/js/lib/comments.js

@@ -21,14 +21,20 @@ issues.CommentsCollection = Backbone.Collection.extend({
   }
 });
 
-issues.CommentView = Backbone.View.extend({
-  className: "issue-comment js-Issue-comment grid-cell x2",
-  id: function() {
-    return this.model.get("commentLinkId");
-  },
-  template: wcTmpl["issue/issue-comment-list.jst"],
-  render: function() {
-    this.$el.html(this.template(this.model.toJSON()));
-    return this;
-  }
-});
+var commentMarkdownSanitizer = new MarkdownSanitizerMixin();
+
+issues.CommentView = Backbone.View.extend(
+  _.extend({}, commentMarkdownSanitizer, {
+    className: "issue-comment js-Issue-comment grid-cell x2",
+    id: function() {
+      return this.model.get("commentLinkId");
+    },
+    template: wcTmpl["issue/issue-comment-list.jst"],
+    render: function() {
+      var modelData = this.model.toJSON();
+      modelData.body = this.sanitizeMarkdown(modelData.body);
+      this.$el.html(this.template(modelData));
+      return this;
+    }
+  })
+);