Only allow blob URLs in restricted tags

4 years ago · 69664dc0ef
parent b636209d3e
commit 69664dc0ef
1 changed files with 1 additions and 1 deletions
--- a/www/common/diffMarked.js
+++ b/www/common/diffMarked.js
@ -358,7 +358,7 @@ define([
    // Only allow iframe, video and audio with local source
    var checkSrc = function (root) {
        if (restrictedTags.indexOf(root.nodeName.toUpperCase()) === -1) { return true; }
-        return root.getAttribute && /^(blob\:|\/)/.test(root.getAttribute('src'));
+        return root.getAttribute && /^blob\:/.test(root.getAttribute('src'));
    };

    var removeForbiddenTags = function (root) {