Fix XSS HTML replace might get wrong on the HTML comments in the code tags

Author: jackycute

public/js/render.js

@@ -3,6 +3,10 @@ var whiteListAttr = ['id', 'class', 'style'];
 
 var filterXSSOptions = {
     allowCommentTag: true,
+    escapeHtml: function (html) {
+        // to allow html comment in multiple lines
+        return html.replace(/<(.*?)>/g, '&lt;$1&gt;');
+    },
     onIgnoreTag: function (tag, html, options) {
         // allow style in html
         if (whiteListTag.indexOf(tag) !== -1) {