Browse Source
fix: secure html module removes target attribute from links (#2012)
pull/2018/head
Regev Brody
4 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with
1 additions and
1 deletions
-
server/modules/rendering/html-security/renderer.js
|
|
|
@ -7,7 +7,7 @@ module.exports = { |
|
|
|
const window = new JSDOM('').window |
|
|
|
const DOMPurify = createDOMPurify(window) |
|
|
|
|
|
|
|
const allowedAttrs = ['v-pre', 'v-slot:tabs', 'v-slot:content'] |
|
|
|
const allowedAttrs = ['v-pre', 'v-slot:tabs', 'v-slot:content', 'target'] |
|
|
|
const allowedTags = ['tabset', 'template'] |
|
|
|
|
|
|
|
if (config.allowIFrames) { |
|
|
|
|
