fixed XSS vulnerability

HTML sanitisation was performed in incorrect place (before html content
was generated from markdown).

Author: enchant97

frontend/src/core/renderer.ts

@@ -4,8 +4,8 @@ import { markdown_to_html } from '../../renderer/pkg';
 // Render markdown into HTML,
 // will sanitize input to prevent possible XSS attacks
 function render(content: string): string {
-  content = DOMPurify.sanitize(content)
-  return markdown_to_html(content)
+  content = markdown_to_html(content)
+  return DOMPurify.sanitize(content)
 }
 
 export default render