scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-03-01 02:05:41 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #6315 from okriuchykhin/ok_SCI_9369

Browse source 
Reduce allowed data attributes in sanitizer config only to data-mce-token [SCI-9369]
This commit is contained in:
Alex Kriuchykhin 2023-09-29 11:24:25 +02:00 committed by GitHub
commit 9745ef62dc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config/initializers/constants.rb
View file

@ -324,7 +324,7 @@ class Constants
config = Sanitize::Config::RELAXED.deep_dup config = Sanitize::Config::RELAXED.deep_dup
config[:attributes][:all] << 'id' config[:attributes][:all] << 'id'
config[:attributes][:all] << 'contenteditable' config[:attributes][:all] << 'contenteditable'
config[:attributes][:all] << :data config[:attributes]['img'] << 'data-mce-token'
INPUT_SANITIZE_CONFIG = Sanitize::Config.freeze_config(config) INPUT_SANITIZE_CONFIG = Sanitize::Config.freeze_config(config)
REPOSITORY_DEFAULT_PAGE_SIZE = 10 REPOSITORY_DEFAULT_PAGE_SIZE = 10