proxmox-mirrors/proxmox-widget-toolkit
1
0
Fork 1
mirror of https://git.proxmox.com/git/proxmox-widget-toolkit synced 2025-08-12 09:13:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

parser: sanitize HTML: allow 'disabled', 'start', 'type' and 'checked' attributes

Browse Source 
This makes check box lists like the following snipped work:

- [X] Done
- [ ] not done

Further allow the start attr, sometimes generated for ordered lists.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2021-06-21 17:37:27 +02:00
parent d1c4a7389f
commit a610dd9e32
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Parser.js
View File

@ -20,7 +20,7 @@ Ext.define('Proxmox.Markdown', {
for (let i=node.attributes.length; i--;) {
const name = node.attributes[i].name;
// TODO: we may want to also disallow class and id attrs
if (!/^(class|id|name|href|src|alt|align|valign)$/i.test(name)) {
if (!/^(class|id|name|href|src|alt|align|valign|disabled|checked|start|type)$/i.test(name)) {
node.attributes.removeNamedItem(name);
}
}