apitech
/
Rocket.Chat
mirror of https://github.com/RocketChat/Rocket.Chat
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[FIX] Sanitize styles in message (#25744)

Browse Source
pull/25794/head
Yash Rajpal 4 years ago committed by GitHub
parent 707a62263e
commit b89ebfff4f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      apps/meteor/app/markdown/lib/parser/marked/marked.js

2
apps/meteor/app/markdown/lib/parser/marked/marked.js
Unescape View File

@ -100,7 +100,7 @@ export const marked = (message, { marked: { gfm, tables, breaks, pedantic, smart
const window = getGlobalWindow();
const DomPurify = createDOMPurify(window);
message.html = DomPurify.sanitize(message.html, { ADD_ATTR: ['target'] });
message.html = DomPurify.sanitize(message.html, { ADD_ATTR: ['target'], FORBID_ATTR: ['style'], FORBID_TAGS: ['style'] });
return message;
};

Write Preview
Loading…
Cancel
Save