Add HTML entity encoding to the PHP translation logic; remove the exception allowing <br/> tags in DOMPurify by eliminating the single case that made use of it

El RIDO 2020-02-01 08:46:59 +01:00
parent 428ea2f34e
commit cc0920fc09
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
21 changed files with 47 additions and 38 deletions


@ -645,7 +645,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
// only allow tags/attributes we actually use in translations
output = DOMPurify.sanitize(
output, {
ALLOWED_TAGS: ['a', 'br', 'i', 'span'],
ALLOWED_TAGS: ['a', 'i', 'span'],
ALLOWED_ATTR: ['href', 'id']
}
);
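Review bot: `ALLOWED_ATTR: ['href', 'id']` still lets any allowed tag in the sanitized output carry an arbitrary `id`, so markup reaching this call through a translated string or its arguments could introduce an element whose id duplicates one the application looks up by selector. That is inferred, since the callers and the place where `output` is inserted are outside the hunk and the enclosing function starts and ends outside it. If `id` is needed for only one message, the comment above the call should say so, for example `// 'a' + 'href': links in messages; 'span' + 'id': <message that needs it>; keep in sync with the translation files`. Recording the reason for each entry makes the next narrowing of the list as easy to verify as this `br` removal, and a translation that still contains `<br>` will now lose the break silently, so a check of the translation files for leftover tags belongs with this change.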