Add DOMPurify to sanitize markdown

Closes #546

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

js/mde-wrapper.js

@@ -3,7 +3,7 @@ function myPreviewRender (text) {
         return '&#'+i.charCodeAt(0)+';';
     });
     text = SimpleMDE.prototype.markdown(text);
-    text = text.replace(/ /g, ' ');
+    text = DOMPurify.sanitize(text);
 
     return text;
 };

tpl/create_poll.tpl

@@ -2,6 +2,7 @@
 
 {block name="header"}
     <script src="{"js/simplemde.min.js"|resource}" type="text/javascript"></script>
+    <script src="{"js/dompurify.js"|resource}" type="text/javascript"></script>
     <script src="{"js/mde-wrapper.js"|resource}" type="text/javascript"></script>
     <script src="{"js/app/create_poll.js"|resource}" type="text/javascript"></script>
     <link rel="stylesheet" href="{"css/app/create_poll.css"|resource}">

tpl/studs.tpl

@@ -8,6 +8,7 @@
 
     {if $admin}
         <script src="{"js/simplemde.min.js"|resource}" type="text/javascript"></script>
+        <script src="{"js/dompurify.js"|resource}" type="text/javascript"></script>
         <script src="{"js/mde-wrapper.js"|resource}" type="text/javascript"></script>
         <script src="{"js/app/adminstuds.js"|resource}" type="text/javascript"></script>
         <link rel="stylesheet" href="{'css/simplemde.min.css'|resource}">