OpenCloud
/
riot-web
mirror of https://github.com/vector-im/riot-web
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix sanitise html warning about unsafe tags (#10384)

pull/28788/head^2
Michael Telatynski 2023-03-15 12:56:15 +00:00 committed by GitHub
parent 0cfd97b180
commit f37ae1e230
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/utils/Reply.ts
View File

@ -56,7 +56,7 @@ export function stripHTMLReply(html: string): string {
return sanitizeHtml(html, {
allowedTags: false, // false means allow everything
allowedAttributes: false,
allowVulnerableTags: false, // silence xss warning, we won't be rendering directly this, so it is safe to do
allowVulnerableTags: true, // silence xss warning, we won't be rendering directly this, so it is safe to do
// we somehow can't allow all schemes, so we allow all that we
// know of and mxc (for img tags)
allowedSchemes: [...PERMITTED_URL_SCHEMES, "mxc"],