fix some XSS maybe
Signed-off-by: Sam Therapy <sam@samtherapy.net>
This commit is contained in:
parent
7ad1637a7a
commit
1f1b72a11f
1 changed files with 2 additions and 1 deletions
|
@ -71,10 +71,11 @@ defmodule Pleroma.HTML.Scrubber.Default do
|
|||
# restrict img tags to http/https only, because of MediaProxy.
|
||||
Meta.allow_tag_with_uri_attributes(:img, ["src"], ["http", "https"])
|
||||
|
||||
Meta.allow_tag_with_this_attribute_values(:img, ["class"], ["emoji"])
|
||||
|
||||
Meta.allow_tag_with_these_attributes(:img, [
|
||||
"width",
|
||||
"height",
|
||||
"class",
|
||||
"title",
|
||||
"alt"
|
||||
])
|
||||
|
|
Loading…
Reference in a new issue