From 707b719f6746e85df30461bc340a4ee89d7847e6 Mon Sep 17 00:00:00 2001
From: hanishkvc <hanishkvc@gmail.com>
Date: Wed, 26 Nov 2025 21:26:55 +0530
Subject: [PATCH] SimpleChatTCRV:Markdown:ReEnable Sanitize, lineRaw

Maintain raw and sanitized versions of line.

Make blockquote work with raw line and not the sanitized line.
So irrespective of whether sanitize is enabled or not, the logic
will still work. Inturn re-enable HtmlSanitize.
---
 tools/server/public_simplechat/simplechat.js |  2 +-
 tools/server/public_simplechat/typemd.mjs    | 22 ++++++++++++--------
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/tools/server/public_simplechat/simplechat.js b/tools/server/public_simplechat/simplechat.js
index 31f78b201e..676c3385df 100644
--- a/tools/server/public_simplechat/simplechat.js
+++ b/tools/server/public_simplechat/simplechat.js
@@ -2106,7 +2106,7 @@ export class Config {
              */
             iRecentUserMsgCnt: 5,
             bMarkdown: true,
-            bMarkdownHtmlSanitize: false,
+            bMarkdownHtmlSanitize: true,
             bCompletionFreshChatAlways: true,
             bCompletionInsertStandardRolePrefix: false,
             bTrimGarbage: true,
diff --git a/tools/server/public_simplechat/typemd.mjs b/tools/server/public_simplechat/typemd.mjs
index 26c0182a3c..753c1834e5 100644
--- a/tools/server/public_simplechat/typemd.mjs
+++ b/tools/server/public_simplechat/typemd.mjs
@@ -279,14 +279,15 @@ export class MarkDown {
      * Handle blockquote block one line at a time.
      * This expects all lines in the block quote to have the marker at the begining.
      *
-     * @param {string} line
-     * @param {string} startTok
+     * @param {string} lineRaw
+     * @param {string} lineSani
      */
-    process_blockquote(line, startTok) {
-        if (!line.startsWith(">")) {
+    process_blockquote(lineRaw, lineSani) {
+        if (!lineRaw.startsWith(">")) {
             this.unwind_blockquote()
             return false
         }
+        let startTok = lineRaw.split(' ', 1)[0]
         if (startTok.match(/^>+$/) == null) {
             this.unwind_blockquote()
             return false
@@ -298,19 +299,22 @@ export class MarkDown {
             this.html += `</blockquote>\n`
         }
         this.in.blockQuote = startTok
-        this.html += `<p>${line}</p>`
+        this.html += `<p>${lineSani}</p>`
         return true
     }
 
     /**
      * Process a line from markdown content
-     * @param {string} line
+     * @param {string} lineRaw
      */
-    process_line(line) {
+    process_line(lineRaw) {
+        let line = ""
         if (this.bHtmlSanitize) {
             let elSanitize = document.createElement('div')
-            elSanitize.textContent = line
+            elSanitize.textContent = lineRaw
             line = elSanitize.innerHTML
+        } else {
+            line = lineRaw
         }
         let lineA = line.split(' ')
         if (this.process_pre_fenced(line)) {
@@ -332,7 +336,7 @@ export class MarkDown {
             this.html += `<h${hLevel}>${line.slice(hLevel)}</h${hLevel}>\n`
             return
         }
-        if (this.process_blockquote(line, lineA[0])) {
+        if (this.process_blockquote(lineRaw, line)) {
             return
         }
         if (this.process_list(line)) {