matrix/matrix-react-sdk
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-react-sdk.git synced 2025-08-04 23:02:14 +03:00
Code Activity

Sanitise for *, fix style issues

Browse Source
This commit is contained in:
Luke Barnard
2017-02-27 11:23:37 +00:00
parent ae03244e6e
commit 886b0a3f13
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/HtmlUtils.js
View File

@@ -141,7 +141,7 @@ var sanitizeHtmlParams = {
attribs.rel = 'noopener'; // https://mathiasbynens.github.io/rel-noopener/
return { tagName: tagName, attribs : attribs };
},
'font': function(tagName, attribs) {
'*': function(tagName, attribs) {
// Only allow certain CSS attributes to avoid XSS attacks
// Sanitizing values to avoid `url(...)` and `expression(...)` attacks
if (!attribs.style) {
@@ -152,7 +152,9 @@ var sanitizeHtmlParams = {
let sanitisedStyle = "";
for (let i = 0; i < pairs.length; i++) {
const pair = pairs[i].split(':');
if (!Object.keys(ALLOWED_CSS).includes(pair[0]) || !ALLOWED_CSS[pair[0]].test(pair[1])) {
if (!Object.keys(ALLOWED_CSS).includes(pair[0]) ||
!ALLOWED_CSS[pair[0]].test(pair[1])
) {
continue;
}
sanitisedStyle += pair[0] + ":" + pair[1] + ";";