mirror of
https://github.com/discourse/discourse.git
synced 2024-11-22 08:57:10 -06:00
DEV: Update xss.js package (#16398)
This commit is contained in:
parent
06d4445ab0
commit
77fed8dfc3
@ -76,7 +76,7 @@ export function sanitize(text, allowLister) {
|
||||
}
|
||||
|
||||
let result = xss(text, {
|
||||
whiteList: allowList.tagList,
|
||||
allowList: allowList.tagList,
|
||||
stripIgnoreTag: true,
|
||||
stripIgnoreTagBody: ["script", "table"],
|
||||
|
||||
|
@ -35,7 +35,7 @@ function findUploadsInHtml(uploads, blockToken) {
|
||||
|
||||
let foundImage = false;
|
||||
const newContent = xss(blockToken.content, {
|
||||
whiteList: fakeAllowList,
|
||||
allowList: fakeAllowList,
|
||||
allowCommentTag: true,
|
||||
onTag(tag, html, options) {
|
||||
// We're not using this for sanitizing, so allow all tags through
|
||||
|
@ -18,7 +18,7 @@
|
||||
"ember-auto-import": "^2.2.4",
|
||||
"ember-cli-babel": "^7.13.0",
|
||||
"ember-cli-htmlbars": "^4.2.0",
|
||||
"xss": "^1.0.8",
|
||||
"xss": "^1.0.11",
|
||||
"webpack": "^5.67.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
|
@ -13864,6 +13864,14 @@ xmlhttprequest-ssl@~1.5.4:
|
||||
resolved "https://registry.yarnpkg.com/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.5.5.tgz#c2876b06168aadc40e57d97e81191ac8f4398b3e"
|
||||
integrity sha1-wodrBhaKrcQOV9l+gRkayPQ5iz4=
|
||||
|
||||
xss@^1.0.11:
|
||||
version "1.0.11"
|
||||
resolved "https://registry.yarnpkg.com/xss/-/xss-1.0.11.tgz#211cb82e95b5071d4c75d597283c021157ebe46a"
|
||||
integrity sha512-EimjrjThZeK2MO7WKR9mN5ZC1CSqivSl55wvUK5EtU6acf0rzEE1pN+9ZDrFXJ82BRp3JL38pPE6S4o/rpp1zQ==
|
||||
dependencies:
|
||||
commander "^2.20.3"
|
||||
cssfilter "0.0.10"
|
||||
|
||||
xss@^1.0.8:
|
||||
version "1.0.8"
|
||||
resolved "https://registry.yarnpkg.com/xss/-/xss-1.0.8.tgz#32feb87feb74b3dcd3d404b7a68ababf10700535"
|
||||
|
2
vendor/assets/javascripts/xss.min.js
vendored
2
vendor/assets/javascripts/xss.min.js
vendored
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue
Block a user