lib/makeup/markup.rb in makeup-0.4.2 vs lib/makeup/markup.rb in makeup-0.4.3

@@ -20,10 +20,11 @@
 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 # SOFTWARE.
 #++
+require "loofah"
 require "github/markup"
 require "makeup/code_block_parser"
 require "makeup/syntax_highlighter"
 
 module Makeup
@@ -54,10 +55,14 @@
       @highlighter = options[:highlighter] || NoopHighlighter.new
     end
 
     def render(path, content)
       content = highlight_code_blocks(path, content)
-      GitHub::Markup.render(path, content)
+      sanitize(GitHub::Markup.render(path, content))
+    end
+
+    def sanitize(html)
+      Loofah.fragment(html).scrub!(:prune).to_s
     end
 
     def highlight_code_blocks(path, markup)
       return markup unless path =~ /\.(md|mkdn?|mdwn|mdown|markdown)$/
       CodeBlockParser.parse(markup) do |lexer, code|