Closed cedric-anne closed 3 years ago
Some plugins are using HTML tags that are currently removed by sanitize process, even if they cannot be used for XSS purpose.
Removal of these tags combined with markdown transformation may lead to unexpected double encoding of HTML special chars (see https://plugins.glpi-project.org/#/plugin/escalation ).
With this change, almost all HTML tags are allowed, except those that can be used to load external resources (img, video, object, iframe, ...).
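As an added illustration of the policy described in this PR (this is not GLPI's sanitizer nor the code of this change), the following Python filter keeps arbitrary markup intact but removes elements that can trigger a request to an external resource. The denylist extends the tags named above (img, video, object, iframe) with audio, source, embed, link and script as an assumption; attribute-level XSS filtering (event handlers, javascript: URLs) is assumed to be handled by a separate step and is not shown here.

```python
from html.parser import HTMLParser

# Constructed denylist for this example: elements that can fetch a remote
# resource. The page names img/video/object/iframe; the rest is an assumption.
EXTERNAL_RESOURCE_TAGS = frozenset({
    "img", "video", "audio", "source", "object", "embed",
    "iframe", "link", "script",
})
# Void elements never have a closing tag, so they must not affect nesting depth.
VOID_TAGS = frozenset({"br", "hr", "img", "source", "embed", "link", "wbr"})


class ExternalResourceStripper(HTMLParser):
    """Copy every token through except denylisted elements and their content."""

    def __init__(self):
        # Keep entity references as written so the output is not re-encoded.
        super().__init__(convert_charrefs=False)
        self.out = []
        self.skip_depth = 0   # > 0 while inside a removed, non-void element
        self.removed = []     # tag names that were dropped, for logging/audit

    def handle_starttag(self, tag, attrs):
        if tag in EXTERNAL_RESOURCE_TAGS:
            self.removed.append(tag)
            if tag not in VOID_TAGS:
                self.skip_depth += 1
            return
        if not self.skip_depth:
            # Re-emit the original start tag text, attributes included.
            self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        if tag in EXTERNAL_RESOURCE_TAGS:
            self.removed.append(tag)
            return
        if not self.skip_depth:
            self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        if tag in EXTERNAL_RESOURCE_TAGS:
            if tag not in VOID_TAGS and self.skip_depth:
                self.skip_depth -= 1
            return
        if not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(data)

    def handle_entityref(self, name):
        if not self.skip_depth:
            self.out.append(f"&{name};")

    def handle_charref(self, name):
        if not self.skip_depth:
            self.out.append(f"&#{name};")

    def handle_comment(self, data):
        pass  # HTML comments are dropped


def strip_external_resources(fragment):
    """Return (filtered_html, list_of_removed_tags) for an HTML fragment."""
    parser = ExternalResourceStripper()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out), parser.removed


if __name__ == "__main__":
    # Constructed sample input: harmless formatting plus two remote loaders.
    sample = ('<p>Hi <b>there</b> <img src="http://example.invalid/a.png"> '
              '&amp; <iframe src="http://example.invalid"><p>inner</p></iframe> done</p>')
    clean, removed = strip_external_resources(sample)
    print(clean)      # <p>Hi <b>there</b>  &amp;  done</p>
    print(removed)    # ['img', 'iframe']
```

Because the parser re-emits `&amp;` exactly as it was written instead of decoding and re-escaping it, a later markdown or escaping pass sees the same characters the author typed, which is the double-encoding concern this PR raises; the `removed` list gives a defender something to log when a plugin's output unexpectedly loses elements.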