diff --git a/src/components/ha-markdown.js b/src/components/ha-markdown.js index 5723c6e992..c09267a398 100644 --- a/src/components/ha-markdown.js +++ b/src/components/ha-markdown.js @@ -3,6 +3,12 @@ import EventsMixin from '../mixins/events-mixin.js'; let loaded = null; +/** + * White list allowed svg tag. + * Only put in the tag used in QR code, can be extend in future. + */ +const svgWhiteList = ['svg', 'path']; + /* * @appliesMixin EventsMixin */ @@ -13,7 +19,7 @@ class HaMarkdown extends EventsMixin(PolymerElement) { type: String, observer: '_render', }, - disableXssFilter: { + allowSvg: { type: Boolean, value: false, }, @@ -33,7 +39,7 @@ class HaMarkdown extends EventsMixin(PolymerElement) { loaded.then( ({ marked, filterXSS }) => { this.marked = marked; - this.filterXSS = this.disableXssFilter ? c => c : filterXSS; + this.filterXSS = filterXSS; this._scriptLoaded = 1; }, () => { this._scriptLoaded = 2; }, @@ -54,7 +60,11 @@ class HaMarkdown extends EventsMixin(PolymerElement) { gfm: true, tables: true, breaks: true - })); + }), { + onIgnoreTag: this.allowSvg + ? (tag, html) => (svgWhiteList.indexOf(tag) >= 0 ? html : null) + : null + }); this._resize(); const walker = document.createTreeWalker(this, 1 /* SHOW_ELEMENT */, null, false); diff --git a/src/panels/config/config-entries/ha-config-flow.js b/src/panels/config/config-entries/ha-config-flow.js index 1d1c8d3cfe..4da8189094 100644 --- a/src/panels/config/config-entries/ha-config-flow.js +++ b/src/panels/config/config-entries/ha-config-flow.js @@ -71,7 +71,7 @@ class HaConfigFlow extends