mirror of
https://github.com/vector-im/element-web.git
synced 2024-11-18 06:35:35 +08:00
Only transform <font>
This commit is contained in:
parent
8e3f2eb858
commit
32185befc0
@ -141,7 +141,7 @@ var sanitizeHtmlParams = {
|
|||||||
attribs.rel = 'noopener'; // https://mathiasbynens.github.io/rel-noopener/
|
attribs.rel = 'noopener'; // https://mathiasbynens.github.io/rel-noopener/
|
||||||
return { tagName: tagName, attribs : attribs };
|
return { tagName: tagName, attribs : attribs };
|
||||||
},
|
},
|
||||||
'*': function(tagName, attribs) {
|
'font': function(tagName, attribs) {
|
||||||
// Only allow certain CSS attributes to avoid XSS attacks
|
// Only allow certain CSS attributes to avoid XSS attacks
|
||||||
// Sanitizing values to avoid `url(...)` and `expression(...)` attacks
|
// Sanitizing values to avoid `url(...)` and `expression(...)` attacks
|
||||||
if (!attribs.style) {
|
if (!attribs.style) {
|
||||||
|
Loading…
Reference in New Issue
Block a user