From 5fccedb0d66fd2061e4e9f413f49ab1dbc6a133c Mon Sep 17 00:00:00 2001
From: Zade Viggers <74938858+zadeviggers@users.noreply.github.com>
Date: Tue, 25 Jan 2022 14:12:36 +1300
Subject: [PATCH] Allow srcset

---
 index.js | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/index.js b/index.js
index 8515483..8b21565 100644
--- a/index.js
+++ b/index.js
@@ -780,10 +780,9 @@ sanitizeHtml.defaults = {
 disallowedTagsMode: 'discard',
 allowedAttributes: {
 a: [ 'href', 'name', 'target' ],
- // We don't currently allow img itself by default, but these
- // would make sense if we did. You could add srcset here,
- // and if you do the URL is checked for safety
- img: [ 'src', 'alt', 'title', 'width', 'height', 'loading' ]
+ // We don't currently allow img itself by default, but
+ // these attributes would make sense if we did.
+ img: [ 'src', 'srcset', 'alt', 'title', 'width', 'height', 'loading' ]
 },
 // Lots of these won't come up by default because we don't allow them
 selfClosing: [ 'img', 'br', 'hr', 'area', 'base', 'basefont', 'input', 'link', 'meta' ],
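Review bot: The rewritten comment above `img` drops the statement that a `srcset` URL is checked for safety, just as `srcset` joins the default allow-list, so the one security-relevant fact about this attribute is no longer documented where it is enabled. I would keep it, e.g. `// srcset holds several candidate URLs; each is checked for safety like src.`, worded to match whatever the check (outside this hunk) actually does. The diffstat shows only index.js changed, so nothing pins that behaviour for the default config: a test that allows `img` and asserts that a srcset candidate with a disallowed scheme is removed while an https candidate survives would guard it. This is also a change in defaults for anyone who adds `img` to `allowedTags` without overriding `allowedAttributes`, which deserves a changelog line. The `sanitizeHtml.defaults` object starts and ends outside the hunk.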