diff options
| author | Patrick H. Lauke <[email protected]> | 2020-06-19 09:31:37 +0100 |
|---|---|---|
| committer | GitHub <[email protected]> | 2020-06-19 11:31:37 +0300 |
| commit | edbcc401c28e539ecdcf3c49c7ef2a74d0c28ebd (patch) | |
| tree | a1e408cd3c48309c49fc06d7dbb52d96ae02fae0 /js/src/util | |
| parent | 7acf586d3efa9b2bad6a93d81c7cdc3560de6cdf (diff) | |
| download | bootstrap-edbcc401c28e539ecdcf3c49c7ef2a74d0c28ebd.tar.xz bootstrap-edbcc401c28e539ecdcf3c49c7ef2a74d0c28ebd.zip | |
Change whitelist to allowlist (#31066)
Co-authored-by: XhmikosR <[email protected]>
Co-authored-by: Mark Otto <[email protected]>
Diffstat (limited to 'js/src/util')
| -rw-r--r-- | js/src/util/sanitizer.js | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/js/src/util/sanitizer.js b/js/src/util/sanitizer.js index e1ec36a40..27bdf6cb1 100644 --- a/js/src/util/sanitizer.js +++ b/js/src/util/sanitizer.js @@ -55,7 +55,7 @@ const allowedAttribute = (attr, allowedAttributeList) => { return false } -export const DefaultWhitelist = { +export const DefaultAllowlist = { // Global attributes allowed on any supplied element below. '*': ['class', 'dir', 'id', 'lang', 'role', ARIA_ATTRIBUTE_PATTERN], a: ['target', 'href', 'title', 'rel'], @@ -89,7 +89,7 @@ export const DefaultWhitelist = { ul: [] } -export function sanitizeHtml(unsafeHtml, whiteList, sanitizeFn) { +export function sanitizeHtml(unsafeHtml, allowList, sanitizeFn) { if (!unsafeHtml.length) { return unsafeHtml } @@ -100,24 +100,24 @@ export function sanitizeHtml(unsafeHtml, whiteList, sanitizeFn) { const domParser = new window.DOMParser() const createdDocument = domParser.parseFromString(unsafeHtml, 'text/html') - const whitelistKeys = Object.keys(whiteList) + const allowlistKeys = Object.keys(allowList) const elements = [].concat(...createdDocument.body.querySelectorAll('*')) for (let i = 0, len = elements.length; i < len; i++) { const el = elements[i] const elName = el.nodeName.toLowerCase() - if (whitelistKeys.indexOf(elName) === -1) { + if (allowlistKeys.indexOf(elName) === -1) { el.parentNode.removeChild(el) continue } const attributeList = [].concat(...el.attributes) - const whitelistedAttributes = [].concat(whiteList['*'] || [], whiteList[elName] || []) + const allowedAttributes = [].concat(allowList['*'] || [], allowList[elName] || []) attributeList.forEach(attr => { - if (!allowedAttribute(attr, whitelistedAttributes)) { + if (!allowedAttribute(attr, allowedAttributes)) { el.removeAttribute(attr.nodeName) } }) |