Added stripping of html from markdown

panels/text/editor.html

@@ -1,5 +1,5 @@
 <div ng-controller="text">
   <label class="small">Font Size</label> <select class="input-mini" ng-model="panel.style['font-size']" ng-options="f for f in ['6pt','7pt','8pt','10pt','12pt','14pt','16pt','18pt','20pt','24pt','28pt','32pt','36pt','42pt','48pt','52pt','60pt','72pt']"></select>
-  <label class=small>Content (This area uses <a target="_blank" href="http://en.wikipedia.org/wiki/Markdown">Markdown</a>)</label>
+  <label class=small>Content (This area uses <a target="_blank" href="http://en.wikipedia.org/wiki/Markdown">Markdown</a>. HTML is not supported)</label>
   <textarea ng-model="panel.content" rows="6" style="width:95%"></textarea>
 </div>

panels/text/module.js

@@ -24,7 +24,10 @@ angular.module('kibana.text', [])
         var scripts = $LAB.script("panels/text/lib/showdown.js")
         scripts.wait(function(){
           var converter = new Showdown.converter();
-          var htmlText = converter.makeHtml(scope.panel.content);
+          var text = scope.panel.content.replace(/&/g, '&')
+            .replace(/>/g, '>')
+            .replace(/</g, '&lt;');
+          var htmlText = converter.makeHtml(text);
           element.html(htmlText);
         });
       }