public/Boostnote
1
0
Fork 0
mirror of https://github.com/BoostIo/Boostnote synced 2025-12-13 17:56:25 +00:00
Code Issues Releases Wiki Activity

fixing sanitization of inline html like (<kbd>) #1992

Browse Source
This commit is contained in:
Baptiste Augrain
2018-08-25 23:14:05 +02:00
parent 039f73711a
commit 3bdc88cecb
2 changed files with 90 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
browser/lib/markdown.js
View File

@@ -105,7 +105,11 @@ class Markdown {
'iframe': ['src', 'width', 'height', 'frameborder', 'allowfullscreen'],
'input': ['type', 'id', 'checked']
},
allowedIframeHostnames: ['www.youtube.com']
allowedIframeHostnames: ['www.youtube.com'],
selfClosing: [ 'img', 'br', 'hr', 'input' ],
allowedSchemes: [ 'http', 'https', 'ftp', 'mailto' ],
allowedSchemesAppliedToAttributes: [ 'href', 'src', 'cite' ],
allowProtocolRelative: true
})
}