mirror of https://github.com/vector-im/riot-web
Add comment
parent
6877b99435
commit
dfa97e8452
|
@ -184,6 +184,9 @@ const sanitizeHtmlParams = {
|
||||||
return { tagName: tagName, attribs : attribs };
|
return { tagName: tagName, attribs : attribs };
|
||||||
},
|
},
|
||||||
'img': function(tagName, attribs) {
|
'img': function(tagName, attribs) {
|
||||||
|
// Strip out imgs that aren't `mxc` here instead of using allowedSchemesByTag
|
||||||
|
// because transformTags is used _before_ we filter by allowedSchemesByTag and
|
||||||
|
// we don't want to allow images with `https?` `src`s.
|
||||||
if (!attribs.src.startsWith('mxc://')) {
|
if (!attribs.src.startsWith('mxc://')) {
|
||||||
return { tagName, attribs: {}};
|
return { tagName, attribs: {}};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue