Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed HTML attribute validation #5714

Merged
merged 1 commit into from Nov 20, 2020

Conversation

jsangmeister
Copy link
Collaborator

Copied all attributes from https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes that seemed to make sense for OpenSlides. It seems like the handlers (starting with on...) are the only cases which enable script execution. Please check if anything invaid is contained or something important is missing.

@jsangmeister
Copy link
Collaborator Author

The working example from Sean is fixed with this.

@jsangmeister
Copy link
Collaborator Author

Added some attributes

Copy link
Contributor

@tsiegleauq tsiegleauq left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tested. Cannot inject code anymore.

@jsangmeister jsangmeister merged commit 26e414e into OpenSlides:master Nov 20, 2020
@jsangmeister jsangmeister deleted the fix-html-validation branch November 20, 2020 15:23
@tsiegleauq
Copy link
Contributor

ok. good work @all.

@tsiegleauq tsiegleauq added this to the 3.3 milestone Nov 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants