Remove some obscure HTML tags from sanitization

2014-06-24 11:03:45 -04:00 · 2014-06-24 11:03:45 -04:00 · a7ad7f6a45
parent f0932a7de8
commit a7ad7f6a45
2 changed files with 2 additions and 7 deletions
--- a/app/assets/javascripts/defer/html-sanitizer-bundle.js
+++ b/app/assets/javascripts/defer/html-sanitizer-bundle.js
@ -883,9 +883,6 @@ html4.ATTRIBS = {
  'ol::type': 0,
  'p::align': 0,
  'pre::width': 0,
-  'progress::max': 0,
-  'progress::min': 0,
-  'progress::value': 0,
  'q::cite': 1,
  'source::type': 0,
  'track::default': 0,
@ -965,7 +962,6 @@ html4.ELEMENTS = {
  'legend': 0,
  'li': 1,
  'link': 274,
-  'mark': 0,
  'meter': 0,
  'nav': 0,
  'nobr': 0,
@ -977,7 +973,6 @@ html4.ELEMENTS = {
  'p': 1,
  'param': 274,
  'pre': 0,
-  'progress': 0,
  'q': 0,
  's': 0,
  'samp': 0,
@ -1076,7 +1071,6 @@ html4.ELEMENT_DOM_INTERFACES = {
  'li': 'HTMLLIElement',
  'link': 'HTMLLinkElement',
  'map': 'HTMLMapElement',
-  'mark': 'HTMLElement',
  'menu': 'HTMLMenuElement',
  'meta': 'HTMLMetaElement',
  'meter': 'HTMLMeterElement',
@ -1093,7 +1087,6 @@ html4.ELEMENT_DOM_INTERFACES = {
  'p': 'HTMLParagraphElement',
  'param': 'HTMLParamElement',
  'pre': 'HTMLPreElement',
-  'progress': 'HTMLProgressElement',
  'q': 'HTMLQuoteElement',
  's': 'HTMLElement',
  'samp': 'HTMLElement',
--- a/test/javascripts/lib/markdown_test.js
+++ b/test/javascripts/lib/markdown_test.js
@ -365,6 +365,8 @@ test("sanitize", function() {
  equal(sanitize("<textarea>hullo</textarea>"), "hullo");
  equal(sanitize("<button>press me!</button>"), "press me!");
  equal(sanitize("<canvas>draw me!</canvas>"), "draw me!");
+  equal(sanitize("<progress>hello"), "hello");
+  equal(sanitize("<mark>highlight</mark>"), "highlight");

  cooked("[the answer](javascript:alert(42))", "<p><a>the answer</a></p>", "it prevents XSS");