lines changed Expand file tree Collapse file tree 2 files changed +23
-1
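--- a/PATH_NOT_SHOWN_ON_PAGE_1
+++ b/PATH_NOT_SHOWN_ON_PAGE_1
@@ -17,13 +17,28 @@
 import { htmlSanitizer } from '../third_party/caja/html-sanitizer' ;
 
 
-/** @const {!Object<string, boolean>} */
+/**
+ * @const {!Object<string, boolean>}
+ * See https://github.com/ampproject/amphtml/blob/master/spec/amp-html-format.md
+ */
 const BLACKLISTED_TAGS = {
+ 'applet' : true ,
+ 'audio' : true ,
+ 'base' : true ,
+ 'embed' : true ,
+ 'form' : true ,
+ 'frame' : true ,
+ 'frameset' : true ,
  'iframe' : true ,
  'img' : true ,
+ 'input' : true ,
+ 'link' : true ,
+ 'meta' : true ,
+ 'object' : true ,
  'script' : true ,
  'style' : true ,
  'template' : true ,
+ 'video' : true ,
 } ;
 
 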
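Review bot: The new JSDoc on BLACKLISTED_TAGS links to the whole AMP HTML format spec on the moving `master` branch without saying which part of it the list mirrors or whether the list is meant to be exhaustive, so the next maintainer has no stated source to check an addition against; a one-line statement of intent would help, e.g. `* Tags that AMP HTML forbids; a blacklist only blocks what is listed, so keep this in step with the spec section it is taken from.` All entries are lowercase, and whether the lookup that consumes this object lowercases tag names first is outside this hunk — worth confirming, since `<IMG>` and `<img>` are the same element. If that lookup is a plain `in` or property access on this literal rather than `Object.hasOwn`, inherited names such as `constructor` also read as blacklisted; harmless here, but a comment saying the object is only ever queried with real tag names would make the intent explicit.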
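--- a/PATH_NOT_SHOWN_ON_PAGE_2
+++ b/PATH_NOT_SHOWN_ON_PAGE_2
@@ -43,6 +43,13 @@ describe('sanitizeHtml', () => {
 expect ( sanitizeHtml ( 'a<img>c' ) ) . to . be . equal ( 'ac' ) ;
 expect ( sanitizeHtml ( 'a<iframe></iframe>c' ) ) . to . be . equal ( 'ac' ) ;
 expect ( sanitizeHtml ( 'a<template></template>c' ) ) . to . be . equal ( 'ac' ) ;
+expect ( sanitizeHtml ( 'a<frame></frame>c' ) ) . to . be . equal ( 'ac' ) ;
+expect ( sanitizeHtml ( 'a<video></video>c' ) ) . to . be . equal ( 'ac' ) ;
+expect ( sanitizeHtml ( 'a<audio></audio>c' ) ) . to . be . equal ( 'ac' ) ;
+expect ( sanitizeHtml ( 'a<applet></applet>c' ) ) . to . be . equal ( 'ac' ) ;
+expect ( sanitizeHtml ( 'a<form></form>c' ) ) . to . be . equal ( 'ac' ) ;
+expect ( sanitizeHtml ( 'a<link></link>c' ) ) . to . be . equal ( 'ac' ) ;
+expect ( sanitizeHtml ( 'a<meta></meta>c' ) ) . to . be . equal ( 'ac' ) ;
 } ) ;
 
 it ( 'should NOT output security-sensitive markup when nested' , ( ) => {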
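Review bot: The assertions added at lines 46–52 exercise seven of the twelve tags this commit adds to BLACKLISTED_TAGS; `base`, `embed`, `frameset`, `input` and `object` get no test, and three of those are void elements whose only real-world form is the one the existing `<img>` case on line 43 covers. `link` and `meta` are likewise void elements, so `a<link>c` and `a<meta>c` are the spellings a document would actually contain; the `<link></link>` form also exercises how the sanitizer treats a stray end tag, which is a different question from whether the tag is blacklisted. One assertion per remaining tag in the same style keeps the test and the blacklist in step. The enclosing `it(...)` block begins before this hunk.
```javascript
// … unchanged: existing assertions for img, iframe, template, frame, video, audio, applet, form, link, meta …
expect(sanitizeHtml('a<base>c')).to.be.equal('ac');
expect(sanitizeHtml('a<embed>c')).to.be.equal('ac');
expect(sanitizeHtml('a<input>c')).to.be.equal('ac');
expect(sanitizeHtml('a<link>c')).to.be.equal('ac');
expect(sanitizeHtml('a<meta>c')).to.be.equal('ac');
expect(sanitizeHtml('a<frameset></frameset>c')).to.be.equal('ac');
expect(sanitizeHtml('a<object></object>c')).to.be.equal('ac');
```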