sam/pleroma
sam
/
pleroma
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix some XSS maybe 

Signed-off-by: Sam Therapy <sam@samtherapy.net>
This commit is contained in:
Sam Therapy 2022-11-26 18:07:28 +01:00
parent 7ad1637a7a
commit 1f1b72a11f
Signed by: sam
GPG Key ID: 4D8B07C18F31ACBD
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
priv/scrubbers/default.ex
View File

@ -71,10 +71,11 @@ defmodule Pleroma.HTML.Scrubber.Default do
# restrict img tags to http/https only, because of MediaProxy.
Meta.allow_tag_with_uri_attributes(:img, ["src"], ["http", "https"])
Meta.allow_tag_with_this_attribute_values(:img, ["class"], ["emoji"])
Meta.allow_tag_with_these_attributes(:img, [
"width",
"height",
"class",
"title",
"alt"
])