mirror of
				https://github.com/NodeBB/NodeBB.git
				synced 2025-10-26 08:36:12 +01:00 
			
		
		
		
	fix: relaxing strict allowedTags configuration for incoming AP content (allowing picture, source, and additional attributes for img)
re: #13185
This commit is contained in:
		| @@ -29,12 +29,14 @@ const Mocks = module.exports; | ||||
|  * Done so the output HTML is stripped of all non-essential items; mainly classes from plugins.. | ||||
|  */ | ||||
| const sanitizeConfig = { | ||||
| 	allowedTags: sanitize.defaults.allowedTags.concat(['img']), | ||||
| 	allowedTags: sanitize.defaults.allowedTags.concat(['img', 'picture', 'source']), | ||||
| 	allowedClasses: { | ||||
| 		'*': [], | ||||
| 	}, | ||||
| 	allowedAttributes: { | ||||
| 		a: ['href', 'rel'], | ||||
| 		source: ['type', 'src', 'srcset', 'sizes', 'media', 'height', 'width'], | ||||
| 		img: ['alt', 'height', 'ismap', 'src', 'usemap', 'width', 'srcset'], | ||||
| 	}, | ||||
| }; | ||||
|  | ||||
|   | ||||
		Reference in New Issue
	
	Block a user