From ff70a2be8920c59847877677086a2d2b237e8d72 Mon Sep 17 00:00:00 2001
From: Liam Fitzgerald <liam@urizen.co>
Date: Thu, 9 Apr 2020 07:56:44 +1000
Subject: [PATCH] publish: sanitise markdown snippets in preview

Runs the snippet through ReactMarkdown instead of rendering it as text.
We restrict the allowed nodes in the render to pure text, so the snippet is not
overly visually heavy.
---
 .../publish/src/js/components/lib/notebook-posts.js          | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/interface/publish/src/js/components/lib/notebook-posts.js b/pkg/interface/publish/src/js/components/lib/notebook-posts.js
index b5fff27c0c..7d0017eaae 100644
--- a/pkg/interface/publish/src/js/components/lib/notebook-posts.js
+++ b/pkg/interface/publish/src/js/components/lib/notebook-posts.js
@@ -71,7 +71,10 @@ export class NotebookPosts extends Component {
             </div>
             <p className="mb1"
             style={{overflowWrap: "break-word"}}>
-              {note.snippet}
+              <ReactMarkdown
+                unwrapDisallowed
+                allowedTypes={['text', 'root', 'break', 'paragraph']}
+                source={note.snippet} />
             </p>
             <div className="flex">
               <div className={(contact.nickname ? null : "mono") +