Add some various harmless tags to the XSS whitelist
sub, sup: Closes #579 cite, small: Bootstrap uses these for blockquotes template: Will allow for cleaner channel scripts. Since its contents are inert it will also allow channel admins to have "comments" in their banner.
parent
f75d40d278
commit
9f4d2c7ffb
|
@ -2,7 +2,7 @@
|
|||
"author": "Calvin Montgomery",
|
||||
"name": "CyTube",
|
||||
"description": "Online media synchronizer and chat",
|
||||
"version": "3.17.5",
|
||||
"version": "3.18.1",
|
||||
"repository": {
|
||||
"url": "http://github.com/calzoneman/sync"
|
||||
},
|
||||
|
|
|
@ -5,6 +5,7 @@ var sanitizeHTML = require("sanitize-html");
|
|||
const ALLOWED_TAGS = [
|
||||
"button",
|
||||
"center",
|
||||
"cite"
|
||||
"details",
|
||||
"font",
|
||||
"h1",
|
||||
|
@ -13,8 +14,12 @@ const ALLOWED_TAGS = [
|
|||
"marquee", // It pains me to do this, but a lot of people use it...
|
||||
"s",
|
||||
"section",
|
||||
"small",
|
||||
"span",
|
||||
"summary"
|
||||
"sub",
|
||||
"summary",
|
||||
"sup",
|
||||
"template"
|
||||
];
|
||||
|
||||
const ALLOWED_ATTRIBUTES = [
|
||||
|
|
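Review bot: As rendered here, the added `"cite"` entry in the first hunk has no trailing comma before `"details",`, which would make the `ALLOWED_TAGS` array literal a syntax error and stop the sanitizer module from loading; if the raw file matches, the line should read `"cite",`. In the second hunk, `"template"` is added without the kind of rationale that `"marquee"` carries, and the inertness of its contents is a browser-side property that the allowlist itself does not enforce. I would add a comment such as `// contents are inert in the browser but must still pass this allowlist; a channel script that clones them into the page makes them live`, plus a test asserting that a disallowed tag or event-handler attribute nested inside `<template>` is stripped. The array's consumer and `ALLOWED_ATTRIBUTES` lie outside the visible hunks, so whether nested content is filtered cannot be confirmed from here.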