diff --git a/js/test/AttachmentViewer.js b/js/test/AttachmentViewer.js
index 0cf89a30..54ddfc1a 100644
--- a/js/test/AttachmentViewer.js
+++ b/js/test/AttachmentViewer.js
@@ -88,7 +88,12 @@ describe('AttachmentViewer', function () {
 if (prefix.indexOf('').text((prefix + filename + postfix)).text();
 } else {
- result = prefix + $.PrivateBin.Helper.htmlEntities(filename) + postfix;
+ result = DOMPurify.sanitize(
+ prefix + $.PrivateBin.Helper.htmlEntities(filename) + postfix, {
+ ALLOWED_TAGS: ['a', 'i', 'span'],
+ ALLOWED_ATTR: ['href', 'id']
+ }
+ );
 }
 if (filename.length) {
 results.push(
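Review bot: In the else branch the expected `result` is now computed by `DOMPurify.sanitize` with the allowlist `['a', 'i', 'span']` / `['href', 'id']`, so the test can only confirm that the viewer output matches the sanitizer for that configuration, not that disallowed markup is gone; presumably the same literals exist in the production code, and the two copies can drift silently. DOMPurify returns its input unchanged when `DOMPurify.isSupported` is false, so in a test DOM that lacks the required features the comparison would still pass without any sanitizing; a guard before this branch, `if (!DOMPurify.isSupported) { throw new Error('DOMPurify unsupported in test DOM'); }`, would make that failure visible. A fixed case asserting that a tag outside the allowlist is absent from the rendered text would pin the security property independently of the library. The surrounding `describe` callback starts and ends outside the hunk, and the first context line looks truncated on this page, so the branch condition is not fully visible.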