From 46fbe577c5df43e65a7155acb8189084c6736db9 Mon Sep 17 00:00:00 2001
From: Martin Mahner
Date: Thu, 5 Apr 2018 21:22:47 +0200
Subject: [PATCH] Do not allow custom HTML in Markdown.
---
 dpaste/highlight.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/dpaste/highlight.py b/dpaste/highlight.py
index daff9d6..1d26a81 100644
--- a/dpaste/highlight.py
+++ b/dpaste/highlight.py
@@ -67,13 +67,15 @@ class PlainTextHighlighter(Highlighter):
 class MarkdownHighlighter(PlainTextHighlighter):
 """Markdown"""
+ extensions = ('tables', 'fenced-code', 'footnotes', 'autolink,',
+ 'strikethrough', 'underline', 'quote', 'superscript',
+ 'math')
+ render_flags = ('skip-html',)
 def highlight(self, code_string, lexer_name=None):
 import misaka
- extensions = ('tables', 'fenced-code', 'footnotes', 'autolink,',
- 'strikethrough', 'underline', 'quote', 'superscript',
- 'math')
- return mark_safe(misaka.html(code_string, extensions=extensions))
+ return mark_safe(misaka.html(code_string, extensions=self.extensions,
+ render_flags=self.render_flags))
 # -----------------------------------------------------------------------------
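Review bot: `mark_safe` in `highlight` now depends entirely on the `skip-html` render flag, which addresses raw HTML in the paste but, as far as I can tell, not the URL scheme of Markdown links and images, so a `javascript:` href could still be emitted into output that Django will not escape. If the pinned misaka release ships `misaka.SaferHtmlRenderer`, rendering through it, or passing the result through an allow-list sanitizer before `mark_safe`, would cover that path. Separately, the moved tuple still contains `'autolink,'` with a comma inside the quotes; that is probably meant to be `'autolink'`, and the extension may be silently off as written. A short comment above `render_flags`, e.g. `# output is passed to mark_safe; keep raw HTML disabled`, would help keep the flag from being dropped later.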