apply markdown whitelist filters only to prevent ping from remote includes

templates/default/room/index.html.twig

@@ -34,13 +34,16 @@
                             </svg>
                         </span>
                     {% endif %}
-                    {# markdown filter enabled could deanon chat users by external image request, disabled
                     <br />
-                    {{ post.message | message_to_markdown | markdown_to_html }}
+                    {# apply markdown whitelist filters only to prevent ping from remote includes #}
-                    #}
+                    {{
-                    <p>
+                        post.message | trim
-                        {{ post.message | trim | nl2br }}
+                                     | striptags
-                    </p>
+                                     | markdown_to_html
+                                     | striptags
+                                     | message_to_markdown
+                                     | markdown_to_html
+                    }}
                 </li>
             {% endfor %}
         </ul>