Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: relaxing strict allowedTags configuration for incoming AP content (allowing picture, source, and additional attributes for img)

Browse Source 
re: #13185
This commit is contained in:
Julian Lam
2025-02-20 14:07:39 -05:00
parent f84b9fc75b
commit 2ad48f1714
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/activitypub/mocks.js
View File

@@ -29,12 +29,14 @@ const Mocks = module.exports;
* Done so the output HTML is stripped of all non-essential items; mainly classes from plugins..
*/
const sanitizeConfig = {
allowedTags: sanitize.defaults.allowedTags.concat(['img']),
allowedTags: sanitize.defaults.allowedTags.concat(['img', 'picture', 'source']),
allowedClasses: {
'*': [],
},
allowedAttributes: {
a: ['href', 'rel'],
source: ['type', 'src', 'srcset', 'sizes', 'media', 'height', 'width'],
img: ['alt', 'height', 'ismap', 'src', 'usemap', 'width', 'srcset'],
},
};