rainbownapkin/fore.st
1
0
Fork 0
Code Issues 13 Pull requests Actions Packages Projects Releases Wiki Activity

Add some various harmless tags to the XSS whitelist

Browse source 
sub, sup: Closes #579
cite, small: Bootstrap uses these for blockquotes
template: Will allow for cleaner channel scripts. Since it's contents are inert it will also allow channel admins to have "comments" in their banner.
This commit is contained in:
Xaekai 2016-07-07 04:52:03 -07:00
parent f75d40d278
commit 9f4d2c7ffb
2 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
package.json
View file

@ -2,7 +2,7 @@
"author": "Calvin Montgomery", "author": "Calvin Montgomery",
"name": "CyTube", "name": "CyTube",
"description": "Online media synchronizer and chat", "description": "Online media synchronizer and chat",
"version": "3.17.5", "version": "3.18.1",
"repository": { "repository": {
"url": "http://github.com/calzoneman/sync" "url": "http://github.com/calzoneman/sync"
}, },

7
src/xss.js
View file

@ -5,6 +5,7 @@ var sanitizeHTML = require("sanitize-html");
const ALLOWED_TAGS = [ const ALLOWED_TAGS = [
"button", "button",
"center", "center",
"cite"
"details", "details",
"font", "font",
"h1", "h1",
@ -13,8 +14,12 @@ const ALLOWED_TAGS = [
"marquee", // It pains me to do this, but a lot of people use it... "marquee", // It pains me to do this, but a lot of people use it...
"s", "s",
"section", "section",
"small",
"span", "span",
"summary" "sub",
"summary",
"sup",
"template"
]; ];
const ALLOWED_ATTRIBUTES = [ const ALLOWED_ATTRIBUTES = [