From 69664dc0ef87963d531cd4483a205d548e5b9750 Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Mon, 7 Dec 2020 11:26:08 +0100
Subject: [PATCH] Only allow blob URLs in restricted tags

---
 www/common/diffMarked.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/common/diffMarked.js b/www/common/diffMarked.js
index 3d5704584..2bbd51dde 100644
--- a/www/common/diffMarked.js
+++ b/www/common/diffMarked.js
@@ -358,7 +358,7 @@ define([
     // Only allow iframe, video and audio with local source
     var checkSrc = function (root) {
         if (restrictedTags.indexOf(root.nodeName.toUpperCase()) === -1) { return true; }
-        return root.getAttribute && /^(blob\:|\/)/.test(root.getAttribute('src'));
+        return root.getAttribute && /^blob\:/.test(root.getAttribute('src'));
     };
 
     var removeForbiddenTags = function (root) {