From: Chocobozzz <me@florianbigard.com>
Date: Fri, 25 Jun 2021 13:10:39 +0000 (+0200)
Subject: Fix image injection for custom markup
X-Git-Tag: v3.3.0-rc.1~51
X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=0d25c5941466d824e0840b0381e368736f813d51;p=github%2FChocobozzz%2FPeerTube.git

Fix image injection for custom markup
---

diff --git a/shared/core-utils/renderer/html.ts b/shared/core-utils/renderer/html.ts
index bbf8b3fbd..c9757be85 100644
--- a/shared/core-utils/renderer/html.ts
+++ b/shared/core-utils/renderer/html.ts
@@ -30,11 +30,13 @@ export function getCustomMarkupSanitizeOptions (additionalAllowedTags: string[]
     allowedTags: [
       ...base.allowedTags,
       ...additionalAllowedTags,
-      'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6'
+      'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'img'
     ],
     allowedSchemes: base.allowedSchemes,
     allowedAttributes: {
       ...base.allowedAttributes,
+
+      'img': [ 'src', 'alt' ],
       '*': [ 'data-*', 'style' ]
     }
   }