Only transform <font>
This commit is contained in:
parent
8e3f2eb858
commit
32185befc0
1 changed files with 1 additions and 1 deletions
|
@ -141,7 +141,7 @@ var sanitizeHtmlParams = {
|
|||
attribs.rel = 'noopener'; // https://mathiasbynens.github.io/rel-noopener/
|
||||
return { tagName: tagName, attribs : attribs };
|
||||
},
|
||||
'*': function(tagName, attribs) {
|
||||
'font': function(tagName, attribs) {
|
||||
// Only allow certain CSS attributes to avoid XSS attacks
|
||||
// Sanitizing values to avoid `url(...)` and `expression(...)` attacks
|
||||
if (!attribs.style) {
|
||||
|
|
Loading…
Reference in a new issue