aljaz/njump
1
0
Fork 0
mirror of https://github.com/aljazceru/njump.git synced 2025-12-17 06:14:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

Filter out iframe tag on markdown rendering

Browse Source
This commit is contained in:
dtonon
2024-06-13 23:28:27 +02:00
parent 93b9748ca4
commit d7bdded88f
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
utils.go
View File

@@ -338,10 +338,9 @@ func sanitizeXSS(html string) string {
p := bluemonday.UGCPolicy() p := bluemonday.UGCPolicy()
p.AllowStyling() p.AllowStyling()
p.RequireNoFollowOnLinks(false) p.RequireNoFollowOnLinks(false)
p.AllowElements("video", "source", "iframe") p.AllowElements("video", "source")
p.AllowAttrs("controls", "width").OnElements("video") p.AllowAttrs("controls", "width").OnElements("video")
p.AllowAttrs("src", "width").OnElements("source") p.AllowAttrs("src", "width").OnElements("source")
p.AllowAttrs("src", "frameborder").OnElements("iframe")
return p.Sanitize(html) return p.Sanitize(html)
} }