From 0901d6324c89efbd4b55a19796f2ab5e7a95f777 Mon Sep 17 00:00:00 2001
From: Ruben
Date: Fri, 16 Jan 2026 22:03:31 +0100
Subject: [PATCH] Update ParsedownExtra to use mb_encode_numericentity for safer HTML encoding
---
 app/vendor/ParsedownExtra.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/vendor/ParsedownExtra.php b/app/vendor/ParsedownExtra.php
index 2adcbaa..95ef854 100644
--- a/app/vendor/ParsedownExtra.php
+++ b/app/vendor/ParsedownExtra.php
@@ -625,7 +625,7 @@ class ParsedownExtra extends Parsedown
 $DOMDocument = new DOMDocument;
 # http://stackoverflow.com/q/11309194/200145
- $elementMarkup = mb_convert_encoding($elementMarkup, 'HTML-ENTITIES', 'UTF-8');
+ $elementMarkup = mb_encode_numericentity($elementMarkup, [0x80, 0x10FFFF, 0, ~0], 'UTF-8');
 # http://stackoverflow.com/q/4879946/200145
 $DOMDocument->loadHTML($elementMarkup);
@@ -683,4 +683,4 @@ class ParsedownExtra extends Parsedown
 # protected $regexAttribute = '(?:[#.][-\w]+[ ]*)';
-}
\ No newline at end of file
+}
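Review bot: The convmap `[0x80, 0x10FFFF, 0, ~0]` on the added `mb_encode_numericentity()` line in the first hunk is unexplained, and the subject's "safer HTML encoding" can be read as escaping, which this call is not. It rewrites only code points from U+0080 upward as numeric entities and leaves `<`, `>`, `&` and quotes as they are, so `loadHTML()` still parses whatever markup `$elementMarkup` carries. I would add a comment above the line such as `# non-ASCII -> numeric entities so loadHTML() decodes UTF-8 correctly; ASCII markup is untouched, this is not sanitisation`. The file sits under `app/vendor/`, so this looks like a local edit to a vendored copy; recording the divergence (or carrying it as a patch) keeps it from being lost when the library is refreshed. The enclosing function starts and ends outside the hunk.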