leizongmin/js-xss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add <figure> and <figcaption> to default whitelist

Browse Source 
* Figure https://developer.mozilla.org/en-US/docs/Web/HTML/Element/figure
* Figcaption https://developer.mozilla.org/en-US/docs/Web/HTML/Element/figcaption

Most RSS feeds are using these tags to wrap around media content. I propose to add these tags to the default whitelist because they don't require any attribute and do not open any XSS vulnerability
This commit is contained in:
Darius Smaliukas
2021-02-19 17:08:18 +02:00
committed by GitHub
parent be1d80c89d
commit 0024eefd42
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/default.js
View File

@@ -36,6 +36,8 @@ function getDefaultWhiteList() {
dl: [], dl: [],
dt: [], dt: [],
em: [], em: [],
figcaption: [],
figure: [],
font: ["color", "size", "face"], font: ["color", "size", "face"],
footer: [], footer: [],
h1: [], h1: [],