X-Git-Url: https://git.auder.net/?p=qomet.git;a=blobdiff_plain;f=routes%2Fassessments.js;h=dc749ed5503cfc872898068ba5776607fb903142;hp=49410c4be88dbfc9802d587a0998abf78937a2de;hb=6bf4a38e1a82fdcdf1d2742a3e8937b26fe2e873;hpb=85cf9f89b9c046ff408e16734ea9eb781864ec9f
diff --git a/routes/assessments.js b/routes/assessments.js
index 49410c4..dc749ed 100644
--- a/routes/assessments.js
+++ b/routes/assessments.js
@@ -8,6 +8,10 @@ const params = require("../config/parameters");
 const validator = require("../public/javascripts/utils/validation");
 const ObjectId = require("bson-objectid");
 const sanitizeHtml = require('sanitize-html');
+const sanitizeOpts = {
+ allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img' ]),
+ allowedAttributes: { code: [ 'class' ] },
+};
 
 router.get("/add/assessment", access.ajax, access.logged, (req,res) => {
 const name = req.query["name"];
@@ -27,7 +31,6 @@ router.post("/update/assessment", access.ajax, access.logged, (req,res) => {
 let error = validator(assessment, "Assessment");
 if (error.length > 0)
 return res.json({errmsg:error});
- const sanitizeOpts = {allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img' ]) };
 assessment.introduction = sanitizeHtml(assessment.introduction, sanitizeOpts);
 assessment.conclusion = sanitizeHtml(assessment.conclusion, sanitizeOpts);
 assessment.questions.forEach( q => {
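Review bot: In the first hunk, `allowedAttributes: { code: [ 'class' ] }` replaces sanitize-html's default attribute map instead of extending it, so the `img` tag that `allowedTags` adds loses `src` and `a` loses `href` when `introduction` and `conclusion` pass through `sanitizeHtml`. If the intent is only to keep `class` on `code`, merge with the defaults: `allowedAttributes: Object.assign({}, sanitizeHtml.defaults.allowedAttributes, { code: [ 'class' ] }),`. Any class value is then accepted on `code`; if the class only feeds a syntax highlighter (an assumption, the hunk does not show the consumer), narrow it with the `allowedClasses` option. A short comment above `sanitizeOpts` saying it is shared by every sanitized assessment field would also help, e.g. `// Shared sanitize-html policy for user-supplied assessment HTML`.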