Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2026-01-23 02:35:23 +00:00
Code Issues Projects Releases Wiki Activity

refactor: use given HTML config for DOMPurify

Browse source
This commit is contained in:
rugk 2025-11-15 09:57:39 +00:00
parent f6893d338b
commit ad55131831
1 changed files with 3 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

7
js/privatebin.js
View file

@ -812,12 +812,11 @@ jQuery.PrivateBin = (function($) {
if (containsHtml) {
// only allow tags/attributes we actually use in translations
output = DOMPurify.sanitize(
output, {
const sanitizeConfig = Object.assign({}, purifyHtmlConfig, {
ALLOWED_TAGS: ['a', 'i', 'span', 'kbd'],
ALLOWED_ATTR: ['href', 'id']
}
);
});
output = DOMPurify.sanitize(output, sanitizeConfig);
}
// if $element is given, insert translation