From 67fd759d9b8e39a0e6141521a66e059b66434aeb Mon Sep 17 00:00:00 2001
From: Truman Gao <106889354+tdgao@users.noreply.github.com>
Date: Mon, 23 Mar 2026 10:27:59 -0700
Subject: [PATCH] fix: add poster attribute to configuredXss (#5646)

---
 packages/utils/parse.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/utils/parse.ts b/packages/utils/parse.ts
index 646caa5ae..fcf8b9d61 100644
--- a/packages/utils/parse.ts
+++ b/packages/utils/parse.ts
@@ -82,7 +82,7 @@ export const configuredXss = new FilterXSS({
 	safeAttrValue(tag, name, value, cssFilter) {
 		if (
 			(tag === 'img' || tag === 'video' || tag === 'audio' || tag === 'source') &&
-			(name === 'src' || name === 'srcset') &&
+			(name === 'src' || name === 'srcset' || name === 'poster') &&
 			!value.startsWith('data:')
 		) {
 			try {