Manually whitelist tags

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
Lukas Reschke 2017-01-13 18:46:41 +01:00
parent 6a047a045a
commit ddfc7e6a3f
No known key found for this signature in database
GPG Key ID: B9F6980CF6E759B1
1 changed files with 16 additions and 1 deletions

View File

@ -189,7 +189,22 @@ OC.Settings.Apps = OC.Settings.Apps || {
}
// Parse markdown in app description
app.description = DOMPurify.sanitize(marked(app.description.trim(), OC.Settings.Apps.markedOptions));
app.description = DOMPurify.sanitize(
marked(app.description.trim(), OC.Settings.Apps.markedOptions),
{
SAFE_FOR_JQUERY: true,
ALLOWED_TAGS: [
'strong',
'p',
'a',
'ul',
'li',
'em',
's',
'blockquote'
]
}
);
var html = template(app);
if (selector) {