mirror of https://github.com/Jermolene/TiddlyWiki5 synced 2025-11-15 14:57:42 +00:00

Explicitly blacklist unsafe elements, starting with <script>

Are there any other elements that might be considered unsafe?
Jermolene
2014-03-19 10:05:44 +00:00
parent 925b3d2a5b
commit ba6edd42c1
2 changed files with 8 additions and 1 deletions


@@ -30,7 +30,12 @@ ElementWidget.prototype.render = function(parent,nextSibling) {
this.parentDomNode = parent;
this.computeAttributes();
this.execute();
var domNode = this.document.createElementNS(this.namespace,this.parseTreeNode.tag);
// Neuter blacklisted elements
var tag = this.parseTreeNode.tag;
if($tw.config.htmlUnsafeElements.indexOf(tag) !== -1) {
tag = "safe-" + tag;
}
var domNode = this.document.createElementNS(this.namespace,tag);
this.assignAttributes(domNode,{excludeEventAttributes: true});
parent.insertBefore(domNode,nextSibling);
this.renderChildren(domNode,null);
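Review bot: The denylist test on `tag` is an exact, case-sensitive string match, and nothing visible in this hunk shows tag names being normalised before they reach `render`. If a mixed-case name can arrive here it would skip the `safe-` rename, which matters mainly where the rendered tree is serialised to HTML text and parsed again, since an HTML parser lowercases element names. Comparing a normalised copy, `if($tw.config.htmlUnsafeElements.indexOf(tag.toLowerCase()) !== -1) {`, closes that gap, and the comment could state the intent, e.g. `// Rename denylisted elements with a "safe-" prefix so they are created as unknown elements rather than executable ones`. `htmlUnsafeElements` is defined outside this hunk (presumably in the other changed file, which is not shown), and `render` starts before and continues after the hunk.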