(embed) sandbox the iframe

This commit is contained in:
Rigel Kent 2018-06-10 18:20:19 +02:00 committed by Chocobozzz
parent 054a103b28
commit 7754034641
2 changed files with 2 additions and 1 deletions

View File

@ -92,6 +92,7 @@ function buildVideoLink (time?: number) {
function buildVideoEmbed (embedUrl: string) { function buildVideoEmbed (embedUrl: string) {
return '<iframe width="560" height="315" ' + return '<iframe width="560" height="315" ' +
'sandbox="allow-same-origin allow-scripts" ' +
'src="' + embedUrl + '" ' + 'src="' + embedUrl + '" ' +
'frameborder="0" allowfullscreen>' + 'frameborder="0" allowfullscreen>' +
'</iframe>' '</iframe>'

View File

@ -45,7 +45,7 @@ function generateOEmbed (req: express.Request, res: express.Response, next: expr
thumbnailUrl = undefined thumbnailUrl = undefined
} }
const html = `<iframe width="${embedWidth}" height="${embedHeight}" src="${embedUrl}" frameborder="0" allowfullscreen></iframe>` const html = `<iframe width="${embedWidth}" height="${embedHeight}" sandbox="allow-same-origin allow-scripts" src="${embedUrl}" frameborder="0" allowfullscreen></iframe>`
const json: any = { const json: any = {
type: 'video', type: 'video',