diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2017-01-13 18:30:43 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2017-01-13 18:58:18 +0100 |
| commit | 6a047a045a54d77bc36f7cbc70d761e5f16d5755 (patch) | |
| tree | 915b90c9a1d54347a7a6f0bf51a2582e6c62da52 /settings/js | |
| parent | 4d7dee599667076c2baa0183b44adf4b4191a87a (diff) | |
| download | nextcloud-server-6a047a045a54d77bc36f7cbc70d761e5f16d5755.tar.gz nextcloud-server-6a047a045a54d77bc36f7cbc70d761e5f16d5755.zip | |
Apply DOMPurify over HTML
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'settings/js')
| -rw-r--r-- | settings/js/apps.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/settings/js/apps.js b/settings/js/apps.js index a527b354e68..65a05116557 100644 --- a/settings/js/apps.js +++ b/settings/js/apps.js @@ -189,7 +189,7 @@ OC.Settings.Apps = OC.Settings.Apps || { } // Parse markdown in app description - app.description = marked(app.description.trim(), OC.Settings.Apps.markedOptions); + app.description = DOMPurify.sanitize(marked(app.description.trim(), OC.Settings.Apps.markedOptions)); var html = template(app); if (selector) { @@ -653,7 +653,7 @@ OC.Settings.Apps = OC.Settings.Apps || { return ''; } - var out = '<a href="' + href + '"'; + var out = '<a href="' + href + '" rel="noreferrer noopener"'; if (title) { out += ' title="' + title + '"'; } |