grecia/lib/admin_wysiwyg_sanitizer.rb
Javi Martín f917f5eed9 Filter image tags everywhere except in custom pages
Allowing image tags everywhere makes us vulnerable to CSRF attacks.
2018-09-12 12:35:28 +02:00

10 lines
158 B
Ruby

class AdminWYSIWYGSanitizer < WYSIWYGSanitizer
  def allowed_tags
    super + %w[img]
  end

  def allowed_attributes
    super + %w[alt src style]
  end
end