Skip to content
This repository has been archived by the owner on Mar 8, 2019. It is now read-only.

'src' attribute check method accepts data URL #336

Closed
wants to merge 1 commit into from
Closed

'src' attribute check method accepts data URL #336

wants to merge 1 commit into from

Conversation

Andreyco
Copy link

Modified regular expression to match data URL for images encoded to base64.
Fixes issue 334

@Andreyco
'src' attribute check method accepts data URL
75fc293 
Modified regular expression to match data URL for images encoded to base64.
Fixes this [issue 334](#334)
@Andreyco Andreyco mentioned this pull request Feb 18, 2013
Closed
@crccheck
Copy link

This seem like a useful feature. I'm just not sure about it being on "src" since the point of whitelisting is to prevent people from being able to do things like <iframe src="data:image/gif;base64,R0lGOD....

It looks like the tests for these live in test/dom/parse_test.js, which should be updated to verify this functionality.

@Andreyco
Copy link
Author

Yeah, you may be right. But, is there a way to do so? Write another method like 'image_src' to allow data URLs only for images?

About the tests, do you mean "Check custom data attributes"? Unfortunately, these are for HTML5 'data-' attributes, not for data URLs.

@Andreyco
Copy link
Author

Is this project somehow... dead? No response from original author for almost 2 months.

@Andreyco Andreyco closed this Mar 30, 2013
@ShauBoHsu ShauBoHsu mentioned this pull request Jan 17, 2018
Open
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Image with src in format "data:image/...." is removed
2 participants
@Andreyco @crccheck