ar
/
mastodon
forked from treehouse/mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sandbox toot embeds in the embed modal 

It should not be necessary thanks to our Content Security Policy, but best
be sure in case a server's CSP is incorrect. Also, avoids a CSP warning about
loading remote scripts.
rebase/4.0.0rc2
Thibaut Girka 2018-12-17 21:42:18 +01:00 committed by ThibG
parent 30de4e4dfc
commit 36d27e2891
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/javascript/flavours/glitch/features/ui/components/embed_modal.js
View File

@ -74,6 +74,7 @@ export default class EmbedModal extends ImmutablePureComponent {
className='embed-modal__iframe'
frameBorder='0'
ref={this.setIframeRef}
sandbox='allow-same-origin'
title='preview'
/>
</div>