diff options
| author | Christoph (Sheogorath) Kern | 2017-11-24 18:09:41 +0100 |
|---|---|---|
| committer | GitHub | 2017-11-24 18:09:41 +0100 |
| commit | 8ea09a8bd0a093a802a3fcb2fdac40935fa92f9e (patch) | |
| tree | f983ab58955fde69ce0e143b384dfd9ce0b29267 | |
| parent | 978ec8490617de6fa8eedcd108448e61fcf3fb40 (diff) | |
| parent | 93b91163cd79c37b98518cca30933b6cfae2674f (diff) | |
Merge pull request #627 from SISheogorath/fix/XSS
Prevent XSS vulnerbility by srcdoc in iframe
Diffstat (limited to '')
| -rw-r--r-- | public/js/render.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/public/js/render.js b/public/js/render.js index e2574b5f..46489247 100644 --- a/public/js/render.js +++ b/public/js/render.js @@ -18,7 +18,7 @@ whiteList['style'] = [] // allow kbd tag whiteList['kbd'] = [] // allow ifram tag with some safe attributes -whiteList['iframe'] = ['allowfullscreen', 'name', 'referrerpolicy', 'sandbox', 'src', 'srcdoc', 'width', 'height'] +whiteList['iframe'] = ['allowfullscreen', 'name', 'referrerpolicy', 'sandbox', 'src', 'width', 'height'] // allow summary tag whiteList['summary'] = [] |