Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: restrict classes allowed for img tag in Markdown

This commit is contained in:
Sam 2017-10-16 09:34:30 +11:00
parent 52b33b448d
commit 9cb088e3f6
3 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/assets/javascripts/pretty-text/engines/discourse-markdown/emoji.js.es6
View File

@ -240,4 +240,6 @@ export function setup(helper) {
state, (c,s)=>applyEmoji(c,s,md.options.discourse.emojiUnicodeReplacer)) state, (c,s)=>applyEmoji(c,s,md.options.discourse.emojiUnicodeReplacer))
); );
}); });
helper.whiteList(['img[class=emoji]']);
} }

2
app/assets/javascripts/pretty-text/engines/discourse-markdown/quotes.js.es6
View File

@ -130,4 +130,6 @@ export function setup(helper) {
helper.registerPlugin(md=>{ helper.registerPlugin(md=>{
md.block.bbcode.ruler.push('quotes', rule); md.block.bbcode.ruler.push('quotes', rule);
}); });
helper.whiteList(['img[class=avatar]']);
} }

1
app/assets/javascripts/pretty-text/white-lister.js.es6
View File

@ -156,7 +156,6 @@ const DEFAULT_LIST = [
'iframe[marginwidth]', 'iframe[marginwidth]',
'iframe[width]', 'iframe[width]',
'img[alt]', 'img[alt]',
'img[class]',
'img[height]', 'img[height]',
'img[title]', 'img[title]',
'img[width]', 'img[width]',