mirrors/element-web
1
0
Fork 0
mirror of https://github.com/element-hq/element-web synced 2024-11-24 02:05:45 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #333 from aviraldg/feature-img-data

Browse source 
feat: unblacklist img tags with data URIs
This commit is contained in:
David Baker 2016-07-05 09:59:20 +01:00 committed by GitHub
commit 22ae60fb45
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/HtmlUtils.js
View file

@ -28,7 +28,7 @@ var sanitizeHtmlParams = {
// deliberately no h1/h2 to stop people shouting. // deliberately no h1/h2 to stop people shouting.
'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol', 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol',
'nl', 'li', 'b', 'i', 'u', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div', 'nl', 'li', 'b', 'i', 'u', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div',
'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre' 'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre', 'img',
], ],
allowedAttributes: { allowedAttributes: {
// custom ones first: // custom ones first:
@ -42,7 +42,9 @@ var sanitizeHtmlParams = {
selfClosing: [ 'img', 'br', 'hr', 'area', 'base', 'basefont', 'input', 'link', 'meta' ], selfClosing: [ 'img', 'br', 'hr', 'area', 'base', 'basefont', 'input', 'link', 'meta' ],
// URL schemes we permit // URL schemes we permit
allowedSchemes: [ 'http', 'https', 'ftp', 'mailto' ], allowedSchemes: [ 'http', 'https', 'ftp', 'mailto' ],
allowedSchemesByTag: {}, allowedSchemesByTag: {
img: [ 'data' ],
},
transformTags: { // custom to matrix transformTags: { // custom to matrix
// add blank targets to all hyperlinks except vector URLs // add blank targets to all hyperlinks except vector URLs