(embed) sandbox the iframe
authorRigel Kent <sendmemail@rigelk.eu>
Sun, 10 Jun 2018 16:20:19 +0000 (18:20 +0200)
committerChocobozzz <me@florianbigard.com>
Mon, 11 Jun 2018 15:18:04 +0000 (17:18 +0200)
client/src/assets/player/utils.ts
server/controllers/services.ts

index b7cd40aa28e9155577ed49b1f270e1f3b92a33ec..18a6b4dfa48b12d70ed61a1a1aff6b1650da0f82 100644 (file)
@@ -92,6 +92,7 @@ function buildVideoLink (time?: number) {
 
 function buildVideoEmbed (embedUrl: string) {
   return '<iframe width="560" height="315" ' +
+    'sandbox="allow-same-origin allow-scripts" ' +
     'src="' + embedUrl + '" ' +
     'frameborder="0" allowfullscreen>' +
     '</iframe>'
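Review bot: The `sandbox="allow-same-origin allow-scripts"` line added in buildVideoEmbed has no comment explaining the token choice, and this pair needs one. When the framed document shares an origin with the page that embeds it, script inside the frame can reach the parent and remove the sandbox attribute, so the isolation only holds for cross-origin embedders. I would add above the return something like `// sandbox: allow-same-origin + allow-scripts only isolates the player when the embedding page is on a different origin`. The same literal is repeated in generateOEmbed in server/controllers/services.ts (second hunk), so each copy should carry a comment pointing at the other to keep the two lists from drifting apart.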
index a58a5b8cf2b49a068de56f2480b2e39271198c4c..1f82db9c40a7a7c6a71ddee1978251f391eb2b09 100644 (file)
@@ -45,7 +45,7 @@ function generateOEmbed (req: express.Request, res: express.Response, next: expr
     thumbnailUrl = undefined
   }
 
-  const html = `<iframe width="${embedWidth}" height="${embedHeight}" src="${embedUrl}" frameborder="0" allowfullscreen></iframe>`
+  const html = `<iframe width="${embedWidth}" height="${embedHeight}" sandbox="allow-same-origin allow-scripts" src="${embedUrl}" frameborder="0" allowfullscreen></iframe>`
 
   const json: any = {
     type: 'video',
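Review bot: The rewritten `html` line still interpolates `embedWidth`, `embedHeight` and `embedUrl` into the iframe markup unescaped, and consumers of an oEmbed response commonly insert the `html` field into their own pages as-is. Those values are assigned above the hunk, so whether any of them derives from `req` cannot be confirmed from here. If the dimensions do come from request parameters, they should be validated as integers before this line, and a comment such as `// embedWidth/embedHeight are validated integers; embedUrl is built from server config only` would record that invariant. The added sandbox attribute restricts the framed player but gives no protection if a value can close an attribute in this string. generateOEmbed starts and ends outside the hunk.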