
Merge pull request #10200 from weseek/fix/169436-sanitize-srcdoc-iframe

fix: remove srcdoc from whitelist
Yuki Takei 8 months ago
parent
commit
bc4fe532e9
1 changed files with 1 additions and 1 deletions
  1. 1 1
      apps/app/src/services/renderer/recommended-whitelist.ts

+ 1 - 1
apps/app/src/services/renderer/recommended-whitelist.ts

@@ -47,7 +47,7 @@ export const tagNames: Array<string> = [
 export const attributes: Attributes = deepmerge(
   relaxedSchemaAttributes,
   {
-    iframe: ['allow', 'referrerpolicy', 'sandbox', 'src', 'srcdoc'],
+    iframe: ['allow', 'referrerpolicy', 'sandbox', 'src'],
     video: ['controls', 'src', 'muted', 'preload', 'width', 'height', 'autoplay'],
     // The special value 'data*' as a property name can be used to allow all data properties.
     // see: https://github.com/syntax-tree/hast-util-sanitize/
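Review bot: The new `iframe` line drops `srcdoc` silently, so nothing tells a later maintainer that the omission is deliberate and the attribute could be re-added; a comment above it such as `// srcdoc is intentionally not allowed: its value is markup the sanitizer never inspects` would record the reason. Two related checks are worth confirming, since neither is visible in this hunk. First, `attributes` comes from `deepmerge(relaxedSchemaAttributes, …)`, so if the base schema ever lists `srcdoc` for `iframe` or under a wildcard key, the merge would presumably keep it. Second, `src` stays allowed, so the schema's protocol list should restrict it to `http`/`https`. The `deepmerge` call starts and ends outside the hunk.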