infra
/
cryptpad
2
1
Fork 0
Code Issues Pull Requests Projects Releases 1 Activity

Only allow blob URLs in restricted tags

pull/1/head
yflory 2020-12-07 11:26:08 +01:00
parent b636209d3e
commit 69664dc0ef
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
www/common/diffMarked.js
View File

@ -358,7 +358,7 @@ define([
// Only allow iframe, video and audio with local source
var checkSrc = function (root) {
if (restrictedTags.indexOf(root.nodeName.toUpperCase()) === -1) { return true; }
return root.getAttribute && /^(blob\:|\/)/.test(root.getAttribute('src'));
return root.getAttribute && /^blob\:/.test(root.getAttribute('src'));
};
var removeForbiddenTags = function (root) {