From 34b96f49de65e55af62e69541892c02851dc1b9b Mon Sep 17 00:00:00 2001
From: iou1name <iou1name@national.shitposting.agency>
Date: Thu, 21 Jun 2018 22:49:25 -0400
Subject: [PATCH] minor sanitization for post editing

---
 events.py            | 3 +++
 templates/quest.html | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/events.py b/events.py
index cc7fc7c..30264dd 100644
--- a/events.py
+++ b/events.py
@@ -83,6 +83,9 @@ def update_post(data):
 		return
 
 	post = data["post"]
+	post = post.strip().replace("<br>", "<br />")
+	data["post"] = post
+
 	post_id = data["post_id"]
 	db.update_quest_post(post_id, post)
 	emit("update_post", data, room=room)
diff --git a/templates/quest.html b/templates/quest.html
index 9c02e04..d3f9953 100644
--- a/templates/quest.html
+++ b/templates/quest.html
@@ -3,6 +3,7 @@
 {% block head %}
 	<script type="text/javascript" src="/static/socket.io.slim.js"></script>
 	<script>
+		document.execCommand("defaultParagraphSeparator", false, "br");
 		var socket;
 		var tid = setInterval( function () {
 			if ( document.readyState !== 'complete' ) return;
@@ -61,7 +62,8 @@
 		}
 		function edit_post(post_id) {
 			document.getElementById('questPostData-' + post_id).contentEditable = 'true';
-			document.getElementById('questPostData-' + post_id).style.border = '1px solid #ccc'
+			document.execCommand("defaultParagraphSeparator", false, "br");
+			document.getElementById('questPostData-' + post_id).style.border = '1px solid #ccc';
 			document.getElementById('savePost-' + post_id).style.display = 'initial';
 		}
 		function save_post(post_id) {