From 9bd62f986f7ebe8d01562982b679e51069b7d20e Mon Sep 17 00:00:00 2001
From: Oliver
Date: Thu, 16 Jun 2022 10:57:28 +1000
Subject: [PATCH] Sanitize data before displaying in markdown editor (#3205)
* Sanitize data before displaying in markdown editor
* Use the sanitize option provided by easymde
* Spelling fix
---
 InvenTree/InvenTree/mixins.py | 2 +-
 InvenTree/templates/js/translated/helpers.js | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/InvenTree/InvenTree/mixins.py b/InvenTree/InvenTree/mixins.py
index 59347b60eb..584b3ac5ed 100644
--- a/InvenTree/InvenTree/mixins.py
+++ b/InvenTree/InvenTree/mixins.py
@@ -35,7 +35,7 @@ class CleanMixin():
 return Response(serializer.data)
 def clean_data(self, data: dict) -> dict:
-"""Clean / snatize data.
+"""Clean / sanitize data.
 This uses mozillas bleach under the hood to disable certain html tags by encoding them - this leads to script tags etc. to not work.
diff --git a/InvenTree/templates/js/translated/helpers.js b/InvenTree/templates/js/translated/helpers.js
index ddd3678e3b..67a6ccae7f 100644
--- a/InvenTree/templates/js/translated/helpers.js
+++ b/InvenTree/templates/js/translated/helpers.js
@@ -274,6 +274,11 @@ function setupNotesField(element, url, options={}) {
 initialValue: initial,
 toolbar: toolbar_icons,
 shortcuts: [],
+renderingConfig: {
+markedOptions: {
+sanitize: true,
+}
+}
 });