mirror of https://github.com/laurent22/joplin.git synced 2024-12-30 10:36:35 +02:00

All: Security: Disallow EMBED tags to prevent XSS vulnerability

Laurent Cozic 2020-09-06 19:29:42 +01:00
parent fbe966903b
commit 57d750bc9a


@ -91,7 +91,7 @@ class HtmlUtils {
// that can break several plugins, such as Katex (which needs to load CSS
// files using a relative URL). For that reason it is disabled.
// More info: https://github.com/laurent22/joplin/issues/3021
const disallowedTags = ['script', 'iframe', 'frameset', 'frame', 'object', 'base'];
const disallowedTags = ['script', 'iframe', 'frameset', 'frame', 'object', 'base', 'embed'];
const parser = new htmlparser2.Parser({
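Review bot: A denylist such as `disallowedTags` only blocks the elements someone has already thought of, so adding `'embed'` closes this report but the list still fails open for any active-content element not yet named in it. I would document the intent above the array, for example `// Elements that can load or run active content; every entry needs a matching sanitizer test`, and add a regression test asserting that an `<embed>` element is dropped from the sanitized output. Longer term an allowlist of permitted tags would fail closed, though whether that is practical depends on the plugin output this method has to pass through, which is not visible here. The enclosing method starts before and continues after the lines shown, so how tag names are matched against the list (case handling in particular) should be confirmed there.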