Add some various harmless tags to the XSS whitelist

sub, sup: Closes #579 cite, small: Bootstrap uses these for blockquotes template: Will allow for cleaner channel scripts. Since it's contents are inert it will also allow channel admins to have "comments" in their banner.
2016-07-07 04:52:03 -07:00 · 2016-07-07 04:52:03 -07:00 · 9f4d2c7ffb
parent f75d40d278
commit 9f4d2c7ffb
2 changed files with 7 additions and 2 deletions
--- a/package.json
+++ b/package.json
@ -2,7 +2,7 @@
  "author": "Calvin Montgomery",
  "name": "CyTube",
  "description": "Online media synchronizer and chat",
-  "version": "3.17.5",
+  "version": "3.18.1",
  "repository": {
    "url": "http://github.com/calzoneman/sync"
  },
--- a/src/xss.js
+++ b/src/xss.js
@ -5,6 +5,7 @@ var sanitizeHTML = require("sanitize-html");
 const ALLOWED_TAGS = [
    "button",
    "center",
+    "cite"
    "details",
    "font",
    "h1",
@ -13,8 +14,12 @@ const ALLOWED_TAGS = [
    "marquee", // It pains me to do this, but a lot of people use it...
    "s",
    "section",
+    "small",
    "span",
-    "summary"
+    "sub",
+    "summary",
+    "sup",
+    "template"
 ];

 const ALLOWED_ATTRIBUTES = [