From 418897b7ce2cf2acceab638f204043eea81e63cc Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 19 Sep 2021 10:03:19 +0100
Subject: [PATCH] Exclude code from markup, unless it is a git patch
---
inbox.py | 1 +
utils.py | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/inbox.py b/inbox.py
index cf8ab0877..f0323bcfa 100644
--- a/inbox.py
+++ b/inbox.py
@@ -1870,6 +1870,7 @@ def _validPostContent(baseDir: str, nickname: str, domain: str,
print('WARN: invalid content warning ' + summary) return False
+ # check for patches before dangeousMarkup, which excludes code
if isGitPatch(baseDir, nickname, domain, messageJson['object']['type'], summary,
diff --git a/utils.py b/utils.py
index 889c9edbd..4d969d530 100644
--- a/utils.py
+++ b/utils.py
@@ -859,7 +859,7 @@ def dangerousMarkup(content: str, allowLocalNetworkAccess: bool) -> bool:
""" separators = [['<', '>'], ['<', '>']] invalidStrings = [
- 'script', 'noscript',
+ 'script', 'noscript', 'code',
'canvas', 'style', 'abbr', 'frame', 'iframe', 'html', 'body', 'hr', 'allow-popups', 'allow-scripts'
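Review bot: The comment added in `_validPostContent` misspells the function it points at (`dangeousMarkup`), so a search for `dangerousMarkup` will not surface this ordering constraint; it should read `# check for patches before dangerousMarkup, which excludes code`. The comment also leaves out the security-relevant half of the dependency: with `code` now on the deny-list, `isGitPatch` becomes the only path by which content carrying code markup is accepted. Whether content accepted as a patch still passes through `dangerousMarkup` or skips it is not visible here, because the `if isGitPatch(...)` call and the rest of the function continue outside the hunk. If it does skip it, say so in the comment and add a test that ordinary posts containing markup are not classified as patches.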
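Review bot: The new `'code'` entry in `invalidStrings` carries no rationale, and unlike `script` or `iframe` it names an element that ordinary posts legitimately contain, so benign content is likely to be flagged as dangerous. A comment beside the entry, such as `# 'code' is only accepted via isGitPatch, see _validPostContent in inbox.py`, would tie the two halves of this commit together. How entries are matched is outside the hunk, since the body of `dangerousMarkup` continues past the last line shown; if matching is by substring rather than exact tag name, `code` would also trip on unrelated tags or attributes containing those letters. A unit test covering a code element and a near-miss would pin the intended behaviour. More generally, a deny-list of tag names fails open for anything not listed, so an allow-list of permitted tags would be the sturdier shape for this check.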