mirror of
https://github.com/mastodon/mastodon.git
synced 2024-12-15 06:38:51 +00:00
Sandbox toot embeds in the embed modal
It should not be necessary thanks to our Content Security Policy, but best be sure in case a server's CSP is incorrect. Also, avoids a CSP warning about loading remote scripts.
This commit is contained in:
parent
30de4e4dfc
commit
36d27e2891
|
@ -74,6 +74,7 @@ export default class EmbedModal extends ImmutablePureComponent {
|
||||||
className='embed-modal__iframe'
|
className='embed-modal__iframe'
|
||||||
frameBorder='0'
|
frameBorder='0'
|
||||||
ref={this.setIframeRef}
|
ref={this.setIframeRef}
|
||||||
|
sandbox='allow-same-origin'
|
||||||
title='preview'
|
title='preview'
|
||||||
/>
|
/>
|
||||||
</div>
|
</div>
|
||||||
|
|
Loading…
Reference in a new issue