From 27224e1ec7d82bffa7de16cdc877606d44111ddd Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Mar 08 2016 10:36:24 +0000
Subject: Prevent more JS in the comments field while still marking them as safe


---

diff --git a/pagure/templates/_formhelper.html b/pagure/templates/_formhelper.html
index 82e63e0..633ccc3 100644
--- a/pagure/templates/_formhelper.html
+++ b/pagure/templates/_formhelper.html
@@ -124,13 +124,11 @@
         }}">
         </span>
         <span class="comment_text comment_body">
-        {%- autoescape false %}
         {%- if id == 0 -%}
-{{ comment.content | markdown }}
+{{ comment.content | markdown | noJS | safe }}
         {%- else -%}
-{{ comment.comment | markdown }}
+{{ comment.comment | markdown | noJS | safe }}
         {%- endif -%}
-        {% endautoescape -%}
         </span>
       </div>
     </section>
@@ -173,9 +171,7 @@
 <div class="clearfix p-b-3">
   <section class="issue_comment" id="comment-0">
     <div class="comment_body">
-      {%- autoescape false -%}
-{{ comment.content | markdown }}
-      {%- endautoescape -%}
+{{ comment.content | markdown | noJS | safe }}
     </div>
   </section>
   <div class="issue_action icon pull-xs-right">