From 0dc04e659f3d80d3516d78c80728e63eaea24379 Mon Sep 17 00:00:00 2001
From: Tankred Hase
Date: Wed, 22 Apr 2015 18:01:53 +0200
Subject: [PATCH] Add html tag to DOMpurity backlist to prevent HTTP leaks
---
 src/js/controller/app/read-sandbox.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/js/controller/app/read-sandbox.js b/src/js/controller/app/read-sandbox.js
index 664abd6..0b32ed3 100644
--- a/src/js/controller/app/read-sandbox.js
+++ b/src/js/controller/app/read-sandbox.js
@@ -24,7 +24,7 @@ window.onmessage = function(e) {
 if (e.data.removeImages) {
 // remove http leaks
 document.body.innerHTML = DOMPurify.sanitize(html, {
- FORBID_TAGS: ['style', 'svg', 'audio', 'video'],
+ FORBID_TAGS: ['style', 'svg', 'audio', 'video', 'math'],
 FORBID_ATTR: ['src']
 });
 } else {
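Review bot: Extending `FORBID_TAGS` one element at a time keeps the remove-images branch on a denylist, and `FORBID_ATTR: ['src']` on the line after it still names only one URL-bearing attribute. Depending on the default allowlist of the DOMPurify version in use, attributes such as `srcset`, `poster`, `background` or an inline `style` containing `url()` may survive sanitization and cause a remote fetch when the mail is rendered. An allowlist is easier to reason about here: pass `ALLOWED_TAGS` and `ALLOWED_ATTR` with only the markup needed to display mail, or at least widen the line to `FORBID_ATTR: ['src', 'srcset', 'poster', 'background', 'style']`. A short comment saying why `math` is forbidden would also help the next reader. The `window.onmessage` handler starts and ends outside this hunk, so any Content-Security-Policy on the sandbox document is not visible from here.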