fix: nodebb/nodebb-plugin-link-preview#18, remove sup from allowedTags, add source + source attributes

Julian Lam
2023-09-11 13:56:50 -04:00
parent 447b795425
commit f09f4105ba


@@ -14,9 +14,8 @@ const utils = require('../utils');
let sanitizeConfig = {
allowedTags: sanitize.defaults.allowedTags.concat([
// Some safe-to-use tags to add
'sup', 'ins', 'del', 'img', 'button',
'video', 'audio', 'iframe', 'embed',
// 'sup' still necessary until https://github.com/apostrophecms/sanitize-html/pull/422 merged
'ins', 'del', 'img', 'button',
'video', 'audio', 'source', 'iframe', 'embed',
]),
allowedAttributes: {
...sanitize.defaults.allowedAttributes,
@@ -25,6 +24,7 @@ let sanitizeConfig = {
iframe: ['height', 'name', 'src', 'width'],
video: ['autoplay', 'controls', 'height', 'loop', 'muted', 'poster', 'preload', 'src', 'width'],
audio: ['autoplay', 'controls', 'loop', 'muted', 'preload', 'src'],
source: ['type', 'src', 'srcset', 'sizes', 'media', 'height', 'width'],
embed: ['height', 'src', 'type', 'width'],
},
globalAttributes: ['accesskey', 'class', 'contenteditable', 'dir',
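Review bot: The `source` attribute list added in the second hunk is wider than the tags this config permits: `srcset`, `sizes`, `height` and `width` on `<source>` only take effect inside `<picture>`, and `picture` is not among the tags added here (it may come from the sanitize-html defaults, which are not visible). If only `<video>`/`<audio>` children are intended, a narrower entry such as `source: ['type', 'src', 'media'],` keeps the allowlist to what is actually used. `src` and `srcset` carry URLs taken from user posts, so it is worth confirming that the scheme restrictions applied to `img`/`video` `src` also cover them; that part of the config lies outside the hunk. In the first hunk, dropping `'sup'` relies on the installed sanitize-html already listing it in its default tags, so the dependency's minimum version should be checked against that.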