imterah/element-portable
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix sanitise html warning about unsafe tags (#10384)

Browse source
This commit is contained in:
Michael Telatynski 2023-03-15 12:56:15 +00:00 committed by GitHub
parent 0cfd97b180
commit f37ae1e230
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/utils/Reply.ts
View file

@ -56,7 +56,7 @@ export function stripHTMLReply(html: string): string {
return sanitizeHtml(html, { return sanitizeHtml(html, {
allowedTags: false, // false means allow everything allowedTags: false, // false means allow everything
allowedAttributes: false, allowedAttributes: false,
allowVulnerableTags: false, // silence xss warning, we won't be rendering directly this, so it is safe to do allowVulnerableTags: true, // silence xss warning, we won't be rendering directly this, so it is safe to do
// we somehow can't allow all schemes, so we allow all that we // we somehow can't allow all schemes, so we allow all that we
// know of and mxc (for img tags) // know of and mxc (for img tags)
allowedSchemes: [...PERMITTED_URL_SCHEMES, "mxc"], allowedSchemes: [...PERMITTED_URL_SCHEMES, "mxc"],