markdown: extend blocked tags in sanitizer

Not all of these tags are actually dangerous, but it is always easier to
start out stricter than required and relax later if any user turns out
to need one of them.

It seems that we should probably switch to a white-list approach...

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht 2021-07-04 20:32:37 +02:00
parent f2c4f9bdc2
commit 1d3d61ead9


@ -14,7 +14,9 @@ Ext.define('Proxmox.Markdown', {
let _sanitize;
_sanitize = (node) => {
if (node.nodeType === 3) return;
if (node.nodeType !== 1 || /^(script|style|iframe|object|embed|svg)$/i.test(node.tagName)) {
if (node.nodeType !== 1 ||
/^(script|style|form|select|option|optgroup|map|area|canvas|textarea|applet|font|iframe|audio|video|object|embed|svg)$/i.test(node.tagName)
) {
// could do node.remove() instead, but it's nicer UX if we keep the (encoded!) html
node.outerHTML = Ext.String.htmlEncode(node.outerHTML);
return;
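Review bot: The extended block list in the new regex still admits tags that can redirect or re-resolve the rendered fragment without any script: `base` (changes how every relative `href`/`src` on the page resolves), `meta` (e.g. `http-equiv="refresh"`), `link`, and the legacy `frame`/`frameset`; MathML `math` is also a common sanitizer-bypass carrier and is as unnecessary in user notes as `svg`. Since the description already notes an allow-list would be preferable, a cheap interim step is to add these to the same alternation: `/^(script|style|form|select|option|optgroup|map|area|canvas|textarea|applet|font|iframe|audio|video|object|embed|svg|math|base|meta|link|frame|frameset)$/i`. A tag-name blocklist also does nothing about inline event handlers (`onerror` on a permitted `img`) or `javascript:` URLs in `href`/`src`; if attribute filtering is not done further down, that is the larger gap. `_sanitize` continues past the end of this hunk, so that part is not visible here.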