summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSheogorath2019-10-22 19:30:23 +0200
committerGitHub2019-10-22 19:30:23 +0200
commit3db757754f02ecd874b4750ee2f7d735222ce641 (patch)
tree73a74e8b8d884263507386b0dcc4be1588e620aa
parent145285abf60665e624272c965e25d765983c1775 (diff)
parent8494f6a085a45d8c494b70e4a7c28182310e37ea (diff)
Merge pull request #206 from SISheogorath/fix/CVE-2019-15499
Don't accept sandbox attribute
Diffstat (limited to '')
-rw-r--r--public/js/render.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/public/js/render.js b/public/js/render.js
index d37f38ef..ebda2984 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -20,7 +20,7 @@ whiteList['style'] = []
// allow kbd tag
whiteList['kbd'] = []
// allow ifram tag with some safe attributes
-whiteList['iframe'] = ['allowfullscreen', 'name', 'referrerpolicy', 'sandbox', 'src', 'width', 'height']
+whiteList['iframe'] = ['allowfullscreen', 'name', 'referrerpolicy', 'src', 'width', 'height']
// allow summary tag
whiteList['summary'] = []
// allow ruby tag