author | Thibaut Girka <thib@sitedethib.com> | 2018-12-17 21:42:18 +0100 |
---|---|---|
committer | ThibG <thib@sitedethib.com> | 2018-12-17 22:22:29 +0100 |
commit | 36d27e289177fdec5332539c94b8192022a412f2 (patch) | |
tree | ac65f54a51d4c63eedb97ca734bef4ed2a8e2cce /app/javascript/flavours | |
parent | 30de4e4dfccfde6e8fffce40fb7c1e47b06dc3be (diff) |
Sandbox toot embeds in the embed modal
It should not be necessary thanks to our Content Security Policy, but best be sure in case a server's CSP is incorrect. Also, avoids a CSP warning about loading remote scripts.
Diffstat (limited to 'app/javascript/flavours')
-rw-r--r-- | app/javascript/flavours/glitch/features/ui/components/embed_modal.js | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/javascript/flavours/glitch/features/ui/components/embed_modal.js b/app/javascript/flavours/glitch/features/ui/components/embed_modal.js index f3553f4a9..bf29b0da5 100644 --- a/app/javascript/flavours/glitch/features/ui/components/embed_modal.js +++ b/app/javascript/flavours/glitch/features/ui/components/embed_modal.js @@ -74,6 +74,7 @@ export default class EmbedModal extends ImmutablePureComponent { className='embed-modal__iframe' frameBorder='0' ref={this.setIframeRef} + sandbox='allow-same-origin' title='preview' /> </div> |
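Review bot: the added `sandbox='allow-same-origin'` line carries no comment saying that leaving out `allow-scripts` is deliberate, so the reasoning lives only in the commit message (defence in depth in case a server's CSP is incorrect, and no remote script loading). Suggest a one-line comment above the attribute stating that scripts are intentionally blocked in the preview iframe and that `allow-scripts` should not be added next to `allow-same-origin` later. The hunk also does not show why `allow-same-origin` is needed at all. If the preview only has to render, an empty `sandbox` value would be the tighter default, so it is worth noting in that comment what depends on the same-origin grant.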