Add some various harmless tags to the XSS whitelist

sub, sup: Closes #579
cite, small: Bootstrap uses these for blockquotes
template: Will allow for cleaner channel scripts. Since it's contents are inert it will also allow channel admins to have "comments" in their banner.
This commit is contained in:
Xaekai 2016-07-07 04:52:03 -07:00
parent f75d40d278
commit 9f4d2c7ffb
2 changed files with 7 additions and 2 deletions

View file

@ -2,7 +2,7 @@
"author": "Calvin Montgomery",
"name": "CyTube",
"description": "Online media synchronizer and chat",
"version": "3.17.5",
"version": "3.18.1",
"repository": {
"url": "http://github.com/calzoneman/sync"
},

View file

@ -5,6 +5,7 @@ var sanitizeHTML = require("sanitize-html");
const ALLOWED_TAGS = [
"button",
"center",
"cite"
"details",
"font",
"h1",
@ -13,8 +14,12 @@ const ALLOWED_TAGS = [
"marquee", // It pains me to do this, but a lot of people use it...
"s",
"section",
"small",
"span",
"summary"
"sub",
"summary",
"sup",
"template"
];
const ALLOWED_ATTRIBUTES = [