author | Sheogorath | 2017-11-24 10:10:50 +0100 |
---|---|---|
committer | Sheogorath | 2017-11-24 10:10:50 +0100 |
commit | 93b91163cd79c37b98518cca30933b6cfae2674f (patch) | |
tree | 092633d2ffa08f06b27f2273b71d8cd45d9b6880 | |
parent | d8997f938bfe80b6677f3ee7ca85d980b2a6061f (diff) |
Prevent XSS vul by srcdoc in iframe
-rw-r--r-- | public/js/render.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/public/js/render.js b/public/js/render.js
index e2574b5f..46489247 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -18,7 +18,7 @@ whiteList['style'] = []
 // allow kbd tag
 whiteList['kbd'] = []
 // allow ifram tag with some safe attributes
-whiteList['iframe'] = ['allowfullscreen', 'name', 'referrerpolicy', 'sandbox', 'src', 'srcdoc', 'width', 'height']
+whiteList['iframe'] = ['allowfullscreen', 'name', 'referrerpolicy', 'sandbox', 'src', 'width', 'height']
 // allow summary tag
 whiteList['summary'] = []
|
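Review bot: The new `whiteList['iframe']` line drops `srcdoc` without recording why, so a later edit that syncs the list with the full set of iframe attributes could restore it. The comment above it should carry the reason, for example `// allow iframe tag with some safe attributes; srcdoc is deliberately excluded because its value is rendered as HTML inside the frame`. The list still permits `src` and an author-chosen `sandbox`, so the protection depends on the filter's attribute-value handling restricting `src` to safe URL schemes. That handling is not visible in this hunk and is worth confirming. A regression test that renders an iframe carrying `srcdoc` and asserts the attribute is stripped would keep the fix from silently regressing.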