From 74b6877e825b18ee964f41e113f36eb0fd6ec08b Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Fri, 18 Oct 2024 08:40:13 +0000
Subject: [PATCH] purify wiki page contents, fixes #4528

Closes #4528

Merge request studip/studip!3510
---
 app/controllers/course/wiki.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/controllers/course/wiki.php b/app/controllers/course/wiki.php
index 11e691541b5..a204efc0419 100644
--- a/app/controllers/course/wiki.php
+++ b/app/controllers/course/wiki.php
@@ -615,7 +615,8 @@ class Course_WikiController extends AuthenticatedController
 
         $this->validateWikiPage($page, $this->range, true);
 
-        $page->content = \Studip\Markup::markAsHtml(trim(Request::get('content')));
+        $page->content = Studip\Markup::markAsHtml(trim(Request::get('content')));
+        $page->content = Studip\Markup::purifyHtml($page->content);
         $user = User::findCurrent();
         if ($page->isDirty()) {
             $page['user_id'] = $user->id;
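Review bot: The added `purifyHtml` call only covers content saved through this action from now on; wiki pages stored before this change, and any other code path that writes `$page->content`, are not visible in this hunk and may still hold unpurified markup, so the rendering side (or a one-off clean-up of stored pages) should be checked as well. The two assignments could be folded into one so the model never holds the unpurified value, `$page->content = Studip\Markup::purifyHtml(Studip\Markup::markAsHtml(trim(Request::get('content'))));`, assuming `purifyHtml` accepts and preserves the HTML marking that `markAsHtml` applies. A short comment such as `// user-supplied HTML: purify before persisting, see #4528` would record why the call is there, and a regression test that saves markup containing a script element and asserts it is absent from the stored content would keep the fix from being lost. The enclosing method starts and ends outside the hunk.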
-- 
GitLab