mirrors/element-web
1
0
Fork 0
mirror of https://github.com/element-hq/element-web.git synced 2024-12-13 23:29:51 +03:00
Code Issues Projects Releases Packages Wiki Activity

Only transform <font>

Browse source
This commit is contained in:
Luke Barnard 2017-01-11 16:41:05 +00:00
parent 8e3f2eb858
commit 32185befc0
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/HtmlUtils.js
View file

@ -141,7 +141,7 @@ var sanitizeHtmlParams = {
attribs.rel = 'noopener'; // https://mathiasbynens.github.io/rel-noopener/ attribs.rel = 'noopener'; // https://mathiasbynens.github.io/rel-noopener/
return { tagName: tagName, attribs : attribs }; return { tagName: tagName, attribs : attribs };
}, },
'*': function(tagName, attribs) { 'font': function(tagName, attribs) {
// Only allow certain CSS attributes to avoid XSS attacks // Only allow certain CSS attributes to avoid XSS attacks
// Sanitizing values to avoid `url(...)` and `expression(...)` attacks // Sanitizing values to avoid `url(...)` and `expression(...)` attacks
if (!attribs.style) { if (!attribs.style) {