summaryrefslogtreecommitdiff
path: root/public/js
diff options
context:
space:
mode:
authorSheogorath2018-02-25 14:48:50 +0100
committerSheogorath2018-02-25 14:54:21 +0100
commit5d347d583d16d38333c84cfba4219826e45dfd0b (patch)
treeb3b475ab5405353ad4d91e8729471119c6d5650c /public/js
parentf642a1159900b332d3e88efd538cec22e3c8615a (diff)
Extend HTML5 support by whitelisting various tags
HTML5 provides a wide feature set of useful elements. Since Markdown usually supports HTML it should be able to use these HTML5 tags as well. As they were requested by some users and they where checked for being safe, whitelisting them isn't a problem. To make the experience the same as on GitHub when it comes to the basic look and feel of the rendered markdown, some CSS was added to make the summary and the details tag look like on GitHub. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to 'public/js')
-rw-r--r--public/js/render.js12
1 files changed, 11 insertions, 1 deletions
diff --git a/public/js/render.js b/public/js/render.js
index 46489247..860f8272 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -19,8 +19,18 @@ whiteList['style'] = []
whiteList['kbd'] = []
// allow ifram tag with some safe attributes
whiteList['iframe'] = ['allowfullscreen', 'name', 'referrerpolicy', 'sandbox', 'src', 'width', 'height']
-// allow summary tag
+// allow details tag
+whiteList['details'] = []
+// allow summary tag for details
whiteList['summary'] = []
+// allow ruby tag
+whiteList['ruby'] = []
+// allow rt tag for ruby
+whiteList['rt'] = []
+// allow figure tag
+whiteList['figure'] = []
+// allow figcaption tag
+whiteList['figcaption'] = []
var filterXSSOptions = {
allowCommentTag: true,