richard
/
wiki
mirror of https://github.com/Requarks/wiki.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

fix: security html module removes allow attribute from iframes (#2354) 

* fix: secure html module removes allowfullscreen, allow and frameborder attributes from iframes
* Apply suggestions from code review
fix: remove deprecated attributes for iframe in secure html module

Co-authored-by: Nicolas Giard <github@ngpixel.com>
pull/2452/head
Иван 4 years ago
committed by GitHub
parent
660b78d9e2
commit
79c5b8fac2
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      server/modules/rendering/html-security/renderer.js

1
server/modules/rendering/html-security/renderer.js
View File

@ -29,6 +29,7 @@ module.exports = {
if (config.allowIFrames) { if (config.allowIFrames) {
allowedTags.push('iframe') allowedTags.push('iframe')
allowedAttrs.push('allow')
} }
input = DOMPurify.sanitize(input, { input = DOMPurify.sanitize(input, {

Write Preview
Loading…
Cancel
Save