authorLukas Reschke <lukas@statuscode.ch>2017-01-13 18:46:41 +0100
committerLukas Reschke <lukas@statuscode.ch>2017-01-13 18:58:18 +0100
commitddfc7e6a3fd231f2c3fbac4a862d595cd30fd954 (patch)
treec6969ee484056201cc895f2c1a9da961bab55791 /settings/js/apps.js
parent6a047a045a54d77bc36f7cbc70d761e5f16d5755 (diff)
Manually whitelist tags
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'settings/js/apps.js')
-rw-r--r--settings/js/apps.js17
1 files changed, 16 insertions, 1 deletions
diff --git a/settings/js/apps.js b/settings/js/apps.js
index 65a05116557..db1bafaf8d0 100644
--- a/settings/js/apps.js
+++ b/settings/js/apps.js
@@ -189,7 +189,22 @@ OC.Settings.Apps = OC.Settings.Apps || {
}
// Parse markdown in app description
- app.description = DOMPurify.sanitize(marked(app.description.trim(), OC.Settings.Apps.markedOptions));
+ app.description = DOMPurify.sanitize(
+ marked(app.description.trim(), OC.Settings.Apps.markedOptions),
+ {
+ SAFE_FOR_JQUERY: true,
+ ALLOWED_TAGS: [
+ 'strong',
+ 'p',
+ 'a',
+ 'ul',
+ 'li',
+ 'em',
+ 's',
+ 'blockquote'
+ ]
+ }
+ );
var html = template(app);
if (selector) {
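Review bot: The options object passed to `DOMPurify.sanitize` restricts tags but leaves attributes at the library default, so the whitelisted elements in an app description can still carry attributes such as `class`, `id`, `style` or `data-*` alongside `href`. Because the description is third-party content rendered into the settings page, I would pin the attributes as well, e.g. `ALLOWED_ATTR: ['href'],` and `ALLOW_DATA_ATTR: false,` next to `ALLOWED_TAGS`. The list also keeps `ul` and `li` but not `ol`, so a numbered list in the markdown would likely lose its container while its items remain; either add `ol` or record the omission in a comment above the list. The enclosing function starts and ends outside this hunk, and `OC.Settings.Apps.markedOptions` is not visible here, so whether marked already strips raw HTML cannot be confirmed from this diff.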