From 0dc04e659f3d80d3516d78c80728e63eaea24379 Mon Sep 17 00:00:00 2001
From: Tankred Hase <tankred@whiteout.io>
Date: Wed, 22 Apr 2015 18:01:53 +0200
Subject: [PATCH] Add <math> html tag to DOMpurity backlist to prevent HTTP
 leaks

---
 src/js/controller/app/read-sandbox.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/js/controller/app/read-sandbox.js b/src/js/controller/app/read-sandbox.js
index 664abd6..0b32ed3 100644
--- a/src/js/controller/app/read-sandbox.js
+++ b/src/js/controller/app/read-sandbox.js
@@ -24,7 +24,7 @@ window.onmessage = function(e) {
     if (e.data.removeImages) {
         // remove http leaks
         document.body.innerHTML = DOMPurify.sanitize(html, {
-            FORBID_TAGS: ['style', 'svg', 'audio', 'video'],
+            FORBID_TAGS: ['style', 'svg', 'audio', 'video', 'math'],
             FORBID_ATTR: ['src']
         });
     } else {