specter/CyTube
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge pull request #588 from Xaekai/moretags

Browse source 
Add some various harmless tags to the XSS whitelist
This commit is contained in:
Calvin Montgomery 2016-07-07 23:06:46 -07:00 committed by GitHub
parent 7025a70034 42cf772dc3
commit 32bb63e06b
2 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
package.json
View file

@ -2,7 +2,7 @@
"author": "Calvin Montgomery", "author": "Calvin Montgomery",
"name": "CyTube", "name": "CyTube",
"description": "Online media synchronizer and chat", "description": "Online media synchronizer and chat",
"version": "3.18.0", "version": "3.18.1",
"repository": { "repository": {
"url": "http://github.com/calzoneman/sync" "url": "http://github.com/calzoneman/sync"
}, },

7
src/xss.js
View file

@ -5,6 +5,7 @@ var sanitizeHTML = require("sanitize-html");
const ALLOWED_TAGS = [ const ALLOWED_TAGS = [
"button", "button",
"center", "center",
"cite"
"details", "details",
"font", "font",
"h1", "h1",
@ -13,8 +14,12 @@ const ALLOWED_TAGS = [
"marquee", // It pains me to do this, but a lot of people use it... "marquee", // It pains me to do this, but a lot of people use it...
"s", "s",
"section", "section",
"small",
"span", "span",
"summary" "sub",
"summary",
"sup",
"template"
]; ];
const ALLOWED_ATTRIBUTES = [ const ALLOWED_ATTRIBUTES = [