Allow img src

Author: T4rk1n

components/dash-html-components/scripts/generate-components.js

@@ -256,7 +256,6 @@ const customImportsForComponents = {
     object: `import {sanitizeUrl} from '@braintree/sanitize-url';`,
     embed: `import {sanitizeUrl} from '@braintree/sanitize-url';`,
     button: `import {sanitizeUrl} from '@braintree/sanitize-url';`,
-    img: `import {sanitizeUrl} from '@braintree/sanitize-url';`,
 }
 
 function createXSSProtection(propName) {
@@ -282,8 +281,7 @@ const customCodesForComponents = {
     iframe: createXSSProtection('src'),
     object: createXSSProtection('data'),
     embed: createXSSProtection('src'),
-    button: createXSSProtection('formAction'),
-    img: createXSSProtection('src'),
+    button: createXSSProtection('formAction')
 }
 
 function generateComponent(Component, element, attributes) {

tests/integration/security/test_xss.py

@@ -27,8 +27,6 @@ def test_xss001_banned_protocols(dash_duo):
             html.Iframe(src='javascript:alert("iframe")', id="iframe-src"),
             html.ObjectEl(data='javascript:alert("data-object")', id="object-data"),
             html.Embed(src='javascript:alert("embed")', id="embed-src"),
-            # older browser
-            html.Img(src="javascript:alert('img-sr')", id="img-src"),
         ]
     )
 
@@ -41,7 +39,6 @@ def test_xss001_banned_protocols(dash_duo):
         ("#object-data", "data"),
         ("#embed-src", "src"),
         ("#button-form-action", "formAction"),
-        ("#img-src", "src"),
     ):
 
         element = dash_duo.find_element(element_id)