tedkulp/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2026-03-05 13:30:32 -05:00
Code Issues Packages Projects Releases Wiki Activity

refactor: use given HTML config for DOMPurify

Browse Source
This commit is contained in:
rugk
2025-11-15 09:57:39 +00:00
parent f6893d338b
commit ad55131831
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
js/privatebin.js
View File

@@ -812,12 +812,11 @@ jQuery.PrivateBin = (function($) {
if (containsHtml) {
// only allow tags/attributes we actually use in translations
output = DOMPurify.sanitize(
output, {
const sanitizeConfig = Object.assign({}, purifyHtmlConfig, {
ALLOWED_TAGS: ['a', 'i', 'span', 'kbd'],
ALLOWED_ATTR: ['href', 'id']
}
);
});
output = DOMPurify.sanitize(output, sanitizeConfig);
}
// if $element is given, insert translation