lint: ban all dangerous HTML tags

[fdroidserver.git] / fdroidserver / lint.py

diff --git a/fdroidserver/lint.py b/fdroidserver/lint.py
index 315a61b880d6d12417c377f2cce063f4705bd89d..b0a5cad76f93f52fb33752519bd98602e5605cf9 100644 (file)
--- a/fdroidserver/lint.py
+++ b/fdroidserver/lint.py
@@ -164,7 +164,7 @@ regex_checks = {
          _("Unnecessary leading space")),
         (re.compile(r'.*\s$'),
          _("Unnecessary trailing space")),
-        (re.compile(r'.*<(iframe|link|script).*'),
+        (re.compile(r'.*<(applet|base|body|button|embed|form|head|html|iframe|img|input|link|object|picture|script|source|style|svg|video).*', re.IGNORECASE),
          _("Forbidden HTML tags")),
         (re.compile(r'''.*\s+src=["']javascript:.*'''),
          _("Javascript in HTML src attributes")),