From 96f5f92c7f8510bc28208bc6a273da22202fad6a Mon Sep 17 00:00:00 2001
From: Luke Barnard <lukeb@openmarket.com>
Date: Mon, 10 Jul 2017 15:44:41 +0100
Subject: [PATCH] Disallow data attribute, we don't need it currently

---
 src/HtmlUtils.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/HtmlUtils.js b/src/HtmlUtils.js
index ea72b92eaf..e291632eca 100644
--- a/src/HtmlUtils.js
+++ b/src/HtmlUtils.js
@@ -153,7 +153,7 @@ const sanitizeHtmlParams = {
     allowedSchemes: ['http', 'https', 'ftp', 'mailto'],
 
     allowedSchemesByTag: {
-        img: [ 'data', 'mxc' ],
+        img: ['mxc'],
     },
     allowProtocolRelative: false,