From 0239f82a1f2f649ee16fea9ec0589b1f328a2aca Mon Sep 17 00:00:00 2001
From: Menci
Date: Wed, 22 Aug 2018 15:51:07 +0800
Subject: [PATCH] Allow Data URIs in XSS filter
---
 utility.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/utility.js b/utility.js
index dc891e6..77bd9eb 100644
--- a/utility.js
+++ b/utility.js
@@ -100,7 +100,10 @@ module.exports = {
 })
 },
 whiteList: whiteList,
- stripIgnoreTag: true
+ stripIgnoreTag: true,
+ onTagAttr: (tag, name, value, isWhiteAttr) => {
+ if (tag.toLowerCase() === 'img' && name.toLowerCase() === 'src' && value.startsWith('data:image/')) return name + '="' + XSS.escapeAttrValue(value) + '"';
+ }
 });
 let replaceXSS = s => {
 s = xss.process(s);
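Review bot: The `value.startsWith('data:image/')` test in the new `onTagAttr` handler accepts any image subtype, including `data:image/svg+xml`, and returns the attribute without going through the filter's default `src` handling. An SVG is inert inside `<img>`, but it is active content if the same URI is ever loaded as a document, so an explicit allow-list of raster types is the safer rule, for example `/^data:image\/(?:png|jpe?g|gif|webp);base64,/.test(value)` in place of the `startsWith` call. The handler also never reads `isWhiteAttr` and puts no bound on the length of the value, so adding `isWhiteAttr &&` to the condition and a size cap suited to the site would keep the whitelist authoritative and limit how much embedded data gets stored and served. The enclosing options object starts outside the hunk.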