Merge pull request #588 from Xaekai/moretags

Add some various harmless tags to the XSS whitelist
2016-07-07 23:06:46 -07:00 · 2016-07-07 23:06:46 -07:00 · 32bb63e06b
parent 7025a70034 42cf772dc3
commit 32bb63e06b
2 changed files with 7 additions and 2 deletions
--- a/package.json
+++ b/package.json
@ -2,7 +2,7 @@
  "author": "Calvin Montgomery",
  "name": "CyTube",
  "description": "Online media synchronizer and chat",
-  "version": "3.18.0",
+  "version": "3.18.1",
  "repository": {
    "url": "http://github.com/calzoneman/sync"
  },
--- a/src/xss.js
+++ b/src/xss.js
@ -5,6 +5,7 @@ var sanitizeHTML = require("sanitize-html");
 const ALLOWED_TAGS = [
    "button",
    "center",
+    "cite"
    "details",
    "font",
    "h1",
@ -13,8 +14,12 @@ const ALLOWED_TAGS = [
    "marquee", // It pains me to do this, but a lot of people use it...
    "s",
    "section",
+    "small",
    "span",
-    "summary"
+    "sub",
+    "summary",
+    "sup",
+    "template"
 ];

 const ALLOWED_ATTRIBUTES = [