summaryrefslogtreecommitdiff
path: root/public/js
diff options
context:
space:
mode:
Diffstat (limited to 'public/js')
-rw-r--r--public/js/render.js12
1 files changed, 6 insertions, 6 deletions
diff --git a/public/js/render.js b/public/js/render.js
index 61663a4b..746820ae 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -26,30 +26,30 @@ var filterXSSOptions = {
allowCommentTag: true,
whiteList: whiteList,
escapeHtml: function (html) {
- // allow html comment in multiple lines
+ // allow html comment in multiple lines
return html.replace(/<(.*?)>/g, '&lt;$1&gt;')
},
onIgnoreTag: function (tag, html, options) {
- // allow comment tag
+ // allow comment tag
if (tag === '!--') {
// do not filter its attributes
return html
}
},
onTagAttr: function (tag, name, value, isWhiteAttr) {
- // allow href and src that match linkRegex
+ // allow href and src that match linkRegex
if (isWhiteAttr && (name === 'href' || name === 'src') && linkRegex.test(value)) {
return name + '="' + filterXSS.escapeAttrValue(value) + '"'
}
- // allow data uri in img src
+ // allow data uri in img src
if (isWhiteAttr && (tag === 'img' && name === 'src') && dataUriRegex.test(value)) {
return name + '="' + filterXSS.escapeAttrValue(value) + '"'
}
},
onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
- // allow attr start with 'data-' or in the whiteListAttr
+ // allow attr start with 'data-' or in the whiteListAttr
if (name.substr(0, 5) === 'data-' || window.whiteListAttr.indexOf(name) !== -1) {
- // escape its value using built-in escapeAttrValue function
+ // escape its value using built-in escapeAttrValue function
return name + '="' + filterXSS.escapeAttrValue(value) + '"'
}
}