From 65f9865f8b7dbaa56b252b5948ed6caa248c7391 Mon Sep 17 00:00:00 2001
From: David Benson
Date: Sat, 7 May 2022 15:33:27 +0100
Subject: [PATCH] Prevents form submission in diagram preview

https://huntr.dev/bounties/2a0b76a9-e463-4368-91fd-d10590bde03d/
---
 src/main/webapp/js/grapheditor/Graph.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/webapp/js/grapheditor/Graph.js b/src/main/webapp/js/grapheditor/Graph.js
index 9825791160..9db6f3748c 100644
--- a/src/main/webapp/js/grapheditor/Graph.js
+++ b/src/main/webapp/js/grapheditor/Graph.js
@@ -1663,7 +1663,7 @@ Graph.removePasteFormatting = function(elt)
 */
 Graph.sanitizeHtml = function(value, editing)
 {
- return DOMPurify.sanitize(value, {ADD_ATTR: ['target'],
+ return DOMPurify.sanitize(value, {ADD_ATTR: ['target'], FORBID_TAGS: ['form'],
 ALLOWED_URI_REGEXP: /^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp|data):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i});
 };
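Review bot: `FORBID_TAGS: ['form']` in `Graph.sanitizeHtml` removes only the `<form>` wrapper; with DOMPurify's default `KEEP_CONTENT` the element's children are kept, so `input`, `button`, `select` and `textarea` markup from an untrusted label still renders in the preview, just without a form owner. If the intent is that a preview of an untrusted diagram carries no interactive form UI at all, the list would need those tags too, e.g. `FORBID_TAGS: ['form', 'input', 'button', 'select', 'textarea']`, after confirming that no label feature relies on them. A short comment above the call, such as `// <form> is forbidden so untrusted labels cannot submit data from the preview`, would keep the entry from being dropped in a later cleanup. The `editing` parameter is not used in the lines shown, and the function's doc comment begins outside the hunk.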