Browse Source

Allow Data URIs in XSS filter

pull/6/head
Menci 6 years ago committed by GitHub
parent
commit
0239f82a1f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 5
      utility.js

5
utility.js

@ -100,7 +100,10 @@ module.exports = {
})
},
whiteList: whiteList,
stripIgnoreTag: true
stripIgnoreTag: true,
onTagAttr: (tag, name, value, isWhiteAttr) => {
if (tag.toLowerCase() === 'img' && name.toLowerCase() === 'src' && value.startsWith('data:image/')) return name + '="' + XSS.escapeAttrValue(value) + '"';
}
});
let replaceXSS = s => {
s = xss.process(s);

Loading…
Cancel
Save