Merge pull request #509 from nextcloud/bugfix/504/fix-inline-javascri…

…pt-error

Do not prefix href of select2 with unsafe to avoid #504

js/app/Config.js

@@ -33,6 +33,9 @@ app.config(function ($provide, $interpolateProvider, $httpProvider, $urlRouterPr
 
 
 	$compileProvider.debugInfoEnabled(true);
+	// This should fix adding "unsafe:" prefix to ui-select href links containing javascript
+	// inline JS is blocked by CSP anyway and filtered out by our markdown renderer as well
+	$compileProvider.aHrefSanitizationWhitelist(/^\s*(https?|javascript):/);
 
 	markdownItConverterProvider.use(markdownitLinkTarget, {
 		breaks: true,