feat: unblacklist img tags with data URIs

fixes vector-im/vector-web#1692
pull/21833/head
Aviral Dasgupta 2016-07-05 11:13:34 +05:30
parent 9b364c1be5
commit 545d59769e
1 changed files with 4 additions and 2 deletions

View File

@ -28,7 +28,7 @@ var sanitizeHtmlParams = {
// deliberately no h1/h2 to stop people shouting.
'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol',
'nl', 'li', 'b', 'i', 'u', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div',
'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre'
'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre', 'img',
],
allowedAttributes: {
// custom ones first:
@ -42,7 +42,9 @@ var sanitizeHtmlParams = {
selfClosing: [ 'img', 'br', 'hr', 'area', 'base', 'basefont', 'input', 'link', 'meta' ],
// URL schemes we permit
allowedSchemes: [ 'http', 'https', 'ftp', 'mailto' ],
allowedSchemesByTag: {},
allowedSchemesByTag: {
img: [ 'data' ],
},
transformTags: { // custom to matrix
// add blank targets to all hyperlinks except vector URLs