ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Do not prefix href of select2 with unsafe to avoid #504

Browse Source 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
This commit is contained in:
Julius Härtl
2018-06-28 15:26:27 +02:00
parent bfe71900d3
commit dc5fbbf7eb
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
js/app/Config.js
View File

@@ -33,6 +33,9 @@ app.config(function ($provide, $interpolateProvider, $httpProvider, $urlRouterPr
$compileProvider.debugInfoEnabled(true); $compileProvider.debugInfoEnabled(true);
// This should fix adding "unsafe:" prefix to ui-select href links containing javascript
// inline JS is blocked by CSP anyway and filtered out by our markdown renderer as well
$compileProvider.aHrefSanitizationWhitelist(/^\s*(https?|javascript):/);
markdownItConverterProvider.use(markdownitLinkTarget, { markdownItConverterProvider.use(markdownitLinkTarget, {
breaks: true, breaks: true,