lib/onebox/sanitize_config.rb in onebox-1.8.68 vs lib/onebox/sanitize_config.rb in onebox-1.8.69
@@ -2,20 +2,22 @@
module Config
HTTP_PROTOCOLS ||= ['http', 'https', :relative].freeze
ONEBOX ||= freeze_config merge(RELAXED,
- elements: RELAXED[:elements] + %w[audio embed iframe source video],
+ elements: RELAXED[:elements] + %w[audio embed iframe source video svg path],
attributes: {
- 'a' => RELAXED[:attributes]['a'] + %w(target),
- 'audio' => %w[controls],
- 'embed' => %w[height src type width],
+ 'a' => RELAXED[:attributes]['a'] + %w(target),
+ 'audio' => %w[controls],
+ 'embed' => %w[height src type width],
'iframe' => %w[allowfullscreen frameborder height scrolling src width],
'source' => %w[src type],
- 'video' => %w[controls height loop width autoplay muted poster],
- 'div' => [:data], # any data-* attributes
+ 'video' => %w[controls height loop width autoplay muted poster],
+ 'path' => %w[d],
+ 'svg' => ['aria-hidden', 'width', 'height', 'viewbox'],
+ 'div' => [:data], # any data-* attributes
},
add_attributes: {
'iframe' => {
'seamless' => 'seamless',
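Review bot: Adding `svg` and `path` to `elements` brings SVG foreign content into an allowlist that also keeps `iframe` and `embed`, and nothing visible in this hunk pins how the sanitizer treats markup nested inside `<svg>`. The new attribute lists are tight (`d` for `path`; `aria-hidden`, `width`, `height`, `viewbox` for `svg`; no `href`, `style` or event attributes), so the residual risk is likely in the parser's namespace handling rather than in the listed attributes. I would add a spec asserting that any child of `<svg>` other than `<path>`, and any attribute outside these lists, is stripped from ONEBOX output, and confirm that the Sanitize version the gem depends on handles foreign content correctly. A comment above the two new entries, e.g. `# svg/path: presentational attributes only; do not add href or style here`, would keep later edits from widening the list unnoticed. The `merge(RELAXED, ...)` call continues past the end of this hunk.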
@@ -36,10 +38,10 @@
end
end
],
protocols: {
- 'embed' => { 'src' => HTTP_PROTOCOLS },
+ 'embed' => { 'src' => HTTP_PROTOCOLS },
'iframe' => { 'src' => HTTP_PROTOCOLS },
'source' => { 'src' => HTTP_PROTOCOLS },
},
)
end