]> git.proxmox.com Git - proxmox-widget-toolkit.git/commit
projects / proxmox-widget-toolkit.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 71bc091) | patch
markdown: make sanitizer more strict
authorThomas Lamprecht <t.lamprecht@proxmox.com>
Sun, 4 Jul 2021 18:06:26 +0000 (20:06 +0200)
committerThomas Lamprecht <t.lamprecht@proxmox.com>
Sun, 4 Jul 2021 18:06:28 +0000 (20:06 +0200)
commitf2c4f9bdc2465b10aa3554c12efef7371331b7a9
tree081112758ea89466c0494c3c1dc12d7a8a046d7atree
parent71bc0913bd1a52d1f34e31815a53819a411fbd7ecommit | diff
markdown: make sanitizer more strict

The href, and in some browser also the src attrs on img, or a tags
can be made to execute JS rather easily, catch thoseand just remove
the attr if, after creating an URL object from it, it does not looks
like it's a http(s) request.

Further, filter out the style tag completely, as that can be misused
too, even if only to break cosmetics.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
src/Parser.js diff | blob | blame | history
Proxmox ExtJS Helpers