Manually whitelist tags

Signed-off-by: Lukas Reschke <[email protected]>
nextcloud · nickvergessen · Jan 17, 2017 · Sep 30, 2016 · Sep 30, 2016 · Sep 30, 2016
commit a30d170aca2e13a11e8530aae736b728fe813895
diff --git a/settings/js/apps.js b/settings/js/apps.js
@@ -189,7 +189,22 @@ OC.Settings.Apps = OC.Settings.Apps || {
 		}
 
 		// Parse markdown in app description
-		app.description = DOMPurify.sanitize(marked(app.description.trim(), OC.Settings.Apps.markedOptions));
+		app.description = DOMPurify.sanitize(
+			marked(app.description.trim(), OC.Settings.Apps.markedOptions),
+			{
+				SAFE_FOR_JQUERY: true,
+				ALLOWED_TAGS: [
+					'strong',
+					'p',
+					'a',
+					'ul',
+					'li',
+					'em',
+					's',
+					'blockquote'
+				]
+			}
+		);
 
 		var html = template(app);
 		if (selector) {