Electron: Resolves #500: Fixed XSS security vulnerability

ReactNativeClient/lib/MdToHtml.js

@@ -389,7 +389,7 @@ class MdToHtml {
 		const md = new MarkdownIt({
 			breaks: true,
 			linkify: true,
-			html: true,
+			html: false, // For security, HTML tags are not supported - https://github.com/laurent22/joplin/issues/500
 		});
 
 		// This is currently used only so that the $expression$ and $$\nexpression\n$$ blocks are translated
@@ -435,6 +435,9 @@ class MdToHtml {
 			}
 		}
 
+		// Support <br> tag to allow newlines inside table cells
+		renderedBody = renderedBody.replace(/&lt;br&gt;/gi, '<br>');
+
 		// https://necolas.github.io/normalize.css/
 		const normalizeCss = `
 			html{line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}