From 5fc828f24c5fa0deda616da332bed7e15d1b853d Mon Sep 17 00:00:00 2001
From: Luke Barnard
Date: Mon, 27 Feb 2017 11:32:57 +0000
Subject: [PATCH] Allow span, and only allow style attrib
---
 src/HtmlUtils.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/HtmlUtils.js b/src/HtmlUtils.js
index 447de08867..3cad98198a 100644
--- a/src/HtmlUtils.js
+++ b/src/HtmlUtils.js
@@ -92,11 +92,12 @@ var sanitizeHtmlParams = {
 // deliberately no h1/h2 to stop people shouting.
 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol',
 'nl', 'li', 'b', 'i', 'u', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div',
- 'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre'
+ 'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre', 'span',
 ],
 allowedAttributes: {
 // custom ones first:
 font: ['color', 'style'], // custom to matrix
+ span: ['style'],
 a: ['href', 'name', 'target', 'rel'], // remote target: custom to matrix
 // We don't currently allow img itself by default, but this
 // would make sense if we did
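Review bot: The new `span: ['style']` entry in `allowedAttributes` allowlists the attribute name only, so the value of `style` on a `span` is passed through as written unless something outside this hunk constrains it. Unrestricted inline CSS on message content lets a sender reposition or overlay content beyond the message body and trigger remote fetches through `url()` values, which is more than text colouring needs; the existing `font: ['color', 'style']` line carries the same exposure. If the pinned sanitizer version supports per-property filtering, restrict it, e.g. `allowedStyles: { span: { 'color': [/^#(?:[0-9a-fA-F]{3}){1,2}$/] } }`, or otherwise rebuild the attribute from validated values in a `transformTags` handler. The `sanitizeHtmlParams` object starts and ends outside the hunk, so a filter that already exists there would not be visible here.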