diff --git a/src/HtmlUtils.js b/src/HtmlUtils.js
index dbcb59a20a..e022cb2dbb 100644
--- a/src/HtmlUtils.js
+++ b/src/HtmlUtils.js
@@ -28,7 +28,7 @@ var sanitizeHtmlParams = {
// deliberately no h1/h2 to stop people shouting.
'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol',
'nl', 'li', 'b', 'i', 'u', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div',
- 'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre'
+ 'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre', 'img',
],
allowedAttributes: {
// custom ones first:
@@ -42,7 +42,9 @@ var sanitizeHtmlParams = {
selfClosing: [ 'img', 'br', 'hr', 'area', 'base', 'basefont', 'input', 'link', 'meta' ],
// URL schemes we permit
allowedSchemes: [ 'http', 'https', 'ftp', 'mailto' ],
- allowedSchemesByTag: {},
+ allowedSchemesByTag: {
+ img: [ 'data' ],
+ },
transformTags: { // custom to matrix
// add blank targets to all hyperlinks except vector URLs