zcy
/
svgedit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow data- attributes in the sanitize whitelist. Fixes issue #203.

master
codedread 2017-11-29 07:52:02 -08:00
parent cba2d0aa1e
commit 6f7aa650f8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
editor/sanitize.js
View File

@ -162,7 +162,7 @@ svgedit.sanitize.sanitizeSvg = function(node) {
// TODO(codedread): Programmatically add the se: attributes to the NS-aware whitelist. // TODO(codedread): Programmatically add the se: attributes to the NS-aware whitelist.
// Bypassing the whitelist to allow se: prefixes. // Bypassing the whitelist to allow se: prefixes.
// Is there a more appropriate way to do this? // Is there a more appropriate way to do this?
if (attrName.indexOf('se:') === 0) { if (attrName.indexOf('se:') === 0 || attrName.indexOf('data-') === 0) {
seAttrs.push([attrName, attr.value]); seAttrs.push([attrName, attr.value]);
} }
node.removeAttributeNS(attrNsURI, attrLocalName); node.removeAttributeNS(attrNsURI, attrLocalName);