From 36d27e289177fdec5332539c94b8192022a412f2 Mon Sep 17 00:00:00 2001 From: Thibaut Girka Date: Mon, 17 Dec 2018 21:42:18 +0100 Subject: Sandbox toot embeds in the embed modal It should not be necessary thanks to our Content Security Policy, but best be sure in case a server's CSP is incorrect. Also, avoids a CSP warning about loading remote scripts. --- app/javascript/flavours/glitch/features/ui/components/embed_modal.js | 1 + 1 file changed, 1 insertion(+) (limited to 'app/javascript/flavours') diff --git a/app/javascript/flavours/glitch/features/ui/components/embed_modal.js b/app/javascript/flavours/glitch/features/ui/components/embed_modal.js index f3553f4a9..bf29b0da5 100644 --- a/app/javascript/flavours/glitch/features/ui/components/embed_modal.js +++ b/app/javascript/flavours/glitch/features/ui/components/embed_modal.js @@ -74,6 +74,7 @@ export default class EmbedModal extends ImmutablePureComponent { className='embed-modal__iframe' frameBorder='0' ref={this.setIframeRef} + sandbox='allow-same-origin' title='preview' /> -- cgit