Closed daraz999 closed 3 years ago
I have published a new version xss@1.0.9
including the following changes:
<summary>
to default whitelist #216 by @spacegaier<figure>
and <figcaption>
to default whitelist by @daraz999<audio crossorigin muted>
, <video crossorigin muted playsinline poster>
to default whitelist<strike>
to default whitelistonTag
options
Most RSS feeds are using these tags to wrap around media content. I propose to add these tags to the default whitelist because they don't require any attribute and do not open any XSS vulnerability