status-im/codimd
2
0
Fork 0
mirror of https://github.com/status-im/codimd.git synced 2025-01-11 16:04:37 +00:00
Code Issues Projects Releases Wiki Activity

Updated to support html comment tag in XSS

Browse Source
This commit is contained in:
Cheng-Han, Wu 2016-02-16 09:51:22 -06:00
parent 26c40dca2d
commit 2501b190ab
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
public/js/render.js
View File

@ -1,10 +1,11 @@
var whiteListTag = ['style', '!--'];
var whiteListAttr = ['id', 'class', 'style'];
var filterXSSOptions = {
allowCommentTag: true,
onIgnoreTag: function (tag, html, options) {
// allow style in html
if (tag === 'style') {
if (whiteListTag.indexOf(tag) !== -1) {
// do not filter its attributes
return html;
}