From ddfc7e6a3fd231f2c3fbac4a862d595cd30fd954 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Fri, 13 Jan 2017 18:46:41 +0100
Subject: [PATCH] Manually whitelist tags
Signed-off-by: Lukas Reschke
---
 settings/js/apps.js | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/settings/js/apps.js b/settings/js/apps.js
index 65a0511655..db1bafaf8d 100644
--- a/settings/js/apps.js
+++ b/settings/js/apps.js
@@ -189,7 +189,22 @@ OC.Settings.Apps = OC.Settings.Apps || {
 }
 // Parse markdown in app description
- app.description = DOMPurify.sanitize(marked(app.description.trim(), OC.Settings.Apps.markedOptions));
+ app.description = DOMPurify.sanitize(
+ marked(app.description.trim(), OC.Settings.Apps.markedOptions),
+ {
+ SAFE_FOR_JQUERY: true,
+ ALLOWED_TAGS: [
+ 'strong',
+ 'p',
+ 'a',
+ 'ul',
+ 'li',
+ 'em',
+ 's',
+ 'blockquote'
+ ]
+ }
+ );
 var html = template(app);
 if (selector) {
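Review bot: The new `DOMPurify.sanitize` options restrict tags but leave attributes on DOMPurify's default allow-list, so an `a` (or any other allowed tag) in an app description can still carry attributes such as `class`, `id` or `style`, which is more than rendered markdown needs and leaves room for restyled or misleading content on the settings page. Consider adding `ALLOWED_ATTR: ['href', 'title']` next to `ALLOWED_TAGS`, extended only by whatever the renderer in `OC.Settings.Apps.markedOptions` deliberately emits (that object is not visible in this hunk). A short comment above the call, e.g. `// App descriptions are presumably untrusted: allow only the tags/attributes markdown output needs`, would record why the list is explicit and remind maintainers to review it when the markdown options change. The enclosing function starts and ends outside the hunk.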