mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Manually whitelist tags 

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
Lukas Reschke 2017-01-13 18:46:41 +01:00 committed by Joas Schilling
parent 2382bf9011
commit a30d170aca
No known key found for this signature in database
GPG Key ID: E166FD8976B3BAC8
1 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
settings/js/apps.js
View File

@ -189,7 +189,22 @@ OC.Settings.Apps = OC.Settings.Apps || {
}
// Parse markdown in app description
app.description = DOMPurify.sanitize(marked(app.description.trim(), OC.Settings.Apps.markedOptions));
app.description = DOMPurify.sanitize(
marked(app.description.trim(), OC.Settings.Apps.markedOptions),
{
SAFE_FOR_JQUERY: true,
ALLOWED_TAGS: [
'strong',
'p',
'a',
'ul',
'li',
'em',
's',
'blockquote'
]
}
);
var html = template(app);
if (selector) {