authorSheogorath2017-11-24 10:10:50 +0100
committerSheogorath2017-11-24 10:10:50 +0100
commit93b91163cd79c37b98518cca30933b6cfae2674f (patch)
tree092633d2ffa08f06b27f2273b71d8cd45d9b6880 /public
parentd8997f938bfe80b6677f3ee7ca85d980b2a6061f (diff)
Prevent XSS vul by srcdoc in iframe
Diffstat (limited to 'public')
-rw-r--r--public/js/render.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/public/js/render.js b/public/js/render.js
index e2574b5f..46489247 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -18,7 +18,7 @@ whiteList['style'] = []
// allow kbd tag
whiteList['kbd'] = []
// allow ifram tag with some safe attributes
-whiteList['iframe'] = ['allowfullscreen', 'name', 'referrerpolicy', 'sandbox', 'src', 'srcdoc', 'width', 'height']
+whiteList['iframe'] = ['allowfullscreen', 'name', 'referrerpolicy', 'sandbox', 'src', 'width', 'height']
// allow summary tag
whiteList['summary'] = []
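Review bot: Nothing on the new `whiteList['iframe']` line records that `srcdoc` is left out on purpose, so a later edit working from an attribute reference could put it back. I would add a comment above the assignment such as `// srcdoc is deliberately excluded: its value is HTML rendered inside the frame, which an attribute-name whitelist does not sanitize`. The list still allows `src`, so whether `javascript:` or `data:` URLs are rejected depends on attribute-value filtering that is not visible in this hunk; that is worth confirming and pinning with a regression test asserting that the renderer strips both `srcdoc` and a script-scheme `src`. The context comment above the line also has a typo (`ifram`).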