Inicio Explorar Axuda
Iniciar sesión
mirrors
/
wikijs
réplica de https://github.com/Requarks/wiki.git
2
0
Fork 0
Ficheiros Incidencias 0 Wiki
Explorar o código

fix: security html module removes allow attribute from iframes (#2354)

* fix: secure html module removes allowfullscreen, allow and frameborder attributes from iframes
* Apply suggestions from code review
fix: remove deprecated attributes for iframe in secure html module

Co-authored-by: Nicolas Giard <github@ngpixel.com>
Иван %!s(int64=4) %!d(string=hai) anos
pai
660b78d9e2
achega
79c5b8fac2
Modificáronse 1 ficheiros con 1 adicións e 0 borrados
Unificar vista Mostrar estatísticas de Diff
  1. 1 0
      server/modules/rendering/html-security/renderer.js

+ 1 - 0
server/modules/rendering/html-security/renderer.js
Ver ficheiro 

@@ -29,6 +29,7 @@ module.exports = {
 
 
 
       if (config.allowIFrames) {
 
       if (config.allowIFrames) {
 
         allowedTags.push('iframe')
 
         allowedTags.push('iframe')
 
+        allowedAttrs.push('allow')
 
       }
 
       }
 
 
 
       input = DOMPurify.sanitize(input, {
 
       input = DOMPurify.sanitize(input, {