Diffstat (limited to 'public/js')
-rw-r--r--public/js/render.js6
1 files changed, 6 insertions, 0 deletions
diff --git a/public/js/render.js b/public/js/render.js
index 5c2b017a..687d23c8 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -14,6 +14,12 @@ var filterXSSOptions = {
return html;
}
},
+ onTagAttr: function (tag, name, value, isWhiteAttr) {
+ // allow href starts with '.' or '/'
+ if (isWhiteAttr && name === 'href' && (value.indexOf('.') == 0 || value.indexOf('/') == 0)) {
+ return name + '="' + filterXSS.escapeAttrValue(value) + '"';
+ }
+ },
onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
// allow attr start with 'data-' or in the whiteListAttr
if (name.substr(0, 5) === 'data-' || whiteListAttr.indexOf(name) !== -1) {
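Review bot: The prefix test in the added `onTagAttr` also matches protocol-relative values such as `//host/path` and `/\host/path`, so the "relative link" allowance covers off-site targets too. Returning a string from this callback presumably skips the library's own href value check for these cases, leaving `escapeAttrValue` as the only processing applied. If the intent is same-site paths only, tighten the condition to `(value[0] === '.' || (value[0] === '/' && value[1] !== '/' && value[1] !== '\\'))`, which also avoids the loose `== 0` comparison and the full-string `indexOf` scan. Whether this matters depends on whether absolute http(s) links are already permitted elsewhere, which is not visible here. The comment would be clearer as `// relative hrefs ('.' or '/' prefix) bypass the default URL check; value is still attribute-escaped`. The enclosing `filterXSSOptions` object starts and ends outside the hunk.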