Disallow data attribute, we don't need it currently

2024-12-03 01:14:32 +03:00 · 2017-07-10 15:44:41 +01:00 · 2017-07-10 15:44:41 +01:00 · 96f5f92c7f
commit 96f5f92c7f
parent f9ee89b2f4
1 changed files with 1 additions and 1 deletions
--- a/src/HtmlUtils.js
+++ b/src/HtmlUtils.js
@ -153,7 +153,7 @@ const sanitizeHtmlParams = {
    allowedSchemes: ['http', 'https', 'ftp', 'mailto'],

    allowedSchemesByTag: {
-        img: [ 'data', 'mxc' ],
+        img: ['mxc'],
    },
    allowProtocolRelative: false,