From 049eae502456cac83b5266df6defaba4d130d820 Mon Sep 17 00:00:00 2001
From: "Cheng-Han, Wu"
Date: Fri, 4 Mar 2016 23:17:59 +0800
Subject: [PATCH] Fixed filter XSS should allow ordered list specify start number
---
 public/js/render.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/public/js/render.js b/public/js/render.js
index dadd52f..9c1fa27 100644
--- public/js/render.js
+++ public/js/render.js
@@ -16,6 +16,10 @@ var filterXSSOptions = {
 // escape its value using built-in escapeAttrValue function
 return name + '="' + filterXSS.escapeAttrValue(value) + '"';
 }
+ // allow ol specify start number
+ if (tag === 'ol' && name === 'start') {
+ return name + '="' + filterXSS.escapeAttrValue(value) + '"';
+ }
 }
 };
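Review bot: The new `ol`/`start` branch re-emits whatever string the author supplied, although `start` is only meaningful as an integer. `filterXSS.escapeAttrValue(value)` keeps the value inside the quoted attribute, but an allowlist exception is easier to reason about when it also checks the expected shape, for example `if (tag === 'ol' && name === 'start' && /^-?\d+$/.test(value)) {`. The added `return` is identical to the one in the branch just above it, so the two conditions could share a single return and keep the escaping in one place. The enclosing handler starts outside this hunk, so it is not visible here whether it runs for every attribute or only for those the whitelist rejected; the comment could state which, and that `start` is admitted only on `ol`.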