diff --git a/static/application.js b/static/application.js
index 5bbf8d32..9b584508 100644
--- a/static/application.js
+++ b/static/application.js
@@ -758,7 +758,7 @@ function chunkOnTextInput(event) {
// mobile devices, but the other method is also here as
// a fallback
if(document.queryCommandSupported && document.execCommand && document.queryCommandSupported('insertHTML')) {
- document.execCommand('insertHTML', false, event.originalEvent.data.slice(0, -1) + '
|');
+ document.execCommand('insertHTML', false, event.originalEvent.data.slice(0, -1).replace(/&/g, '&').replace(//g, '>').replace(/"/g, '"').replace(/'/g, ''').replace(/\n/g, '
') + '
|');
var t = $('#_EDITOR_SENTINEL_').contents().filter(function() { return this.nodeType === 3; })[0];
} else {
var t = document.createTextNode('|');
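Review bot: The `.replace(...)` escaping chain added to the `insertHTML` call is written inline here and again in the `chunkOnPaste` hunk, so the two HTML sinks can drift apart the next time one of them is edited. Moving it into one documented helper, for example `function escapeHtml(text)`, and calling `escapeHtml(event.originalEvent.data.slice(0, -1))` here would leave a single place to audit. As this page renders the line, the chain shows no replacement for `<` (`.replace(//g, '>')`). That is probably an artifact of how the page was rendered, but the committed file should be checked to confirm `<` is escaped, since it is the character that matters most in an `insertHTML` argument. The body of `chunkOnTextInput` starts and ends outside this hunk.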
@@ -1043,7 +1043,7 @@ function chunkOnPaste(event) {
// paste as plaintext
if(event.originalEvent.clipboardData && document.queryCommandSupported && document.execCommand && document.queryCommandSupported('insertText')) {
event.preventDefault();
- document.execCommand('insertText', false, event.originalEvent.clipboardData.getData('text/plain'));
+ document.execCommand('insertHTML', false, event.originalEvent.clipboardData.getData('text/plain').replace(/&/g, '&').replace(//g, '>').replace(/"/g, '"').replace(/'/g, ''').replace(/\n/g, '
'));
}
}
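Review bot: The `if` guard still tests `queryCommandSupported('insertText')`, but the call inside now issues `insertHTML`, so the feature check no longer matches the command that runs. Because `event.preventDefault()` has already been called, a browser that supports `insertText` but not `insertHTML` would likely lose the paste without any fallback. The condition should test the command actually used, `document.queryCommandSupported('insertHTML')`. Clipboard text is untrusted and previously went through a text-only command; it now reaches an HTML sink with the inline escaping as the only barrier, so a comment such as `// clipboard text is untrusted: it must be HTML-escaped before insertHTML` would help the next editor. The body of `chunkOnPaste` starts outside this hunk.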
diff --git a/templates/index.html b/templates/index.html
index 98b1a8ff..6b774699 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -6,7 +6,7 @@
-
+