diff options
| author | Rigel Kent <sendmemail@rigelk.eu> | 2018-06-10 18:20:19 +0200 |
|---|---|---|
| committer | Chocobozzz <me@florianbigard.com> | 2018-06-11 17:18:04 +0200 |
| commit | 77540346413259e4ec62ee8302e503bcd2a01047 (patch) | |
| tree | dbb52d62018527c1b338a2f04607f6b6326e1902 | |
| parent | 054a103b286277708a3a807a52da6cca12e1b0ce (diff) | |
| download | PeerTube-77540346413259e4ec62ee8302e503bcd2a01047.tar.gz PeerTube-77540346413259e4ec62ee8302e503bcd2a01047.tar.zst PeerTube-77540346413259e4ec62ee8302e503bcd2a01047.zip | |
(embed) sandbox the iframe
| -rw-r--r-- | client/src/assets/player/utils.ts | 1 | ||||
| -rw-r--r-- | server/controllers/services.ts | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/client/src/assets/player/utils.ts b/client/src/assets/player/utils.ts index b7cd40aa2..18a6b4dfa 100644 --- a/client/src/assets/player/utils.ts +++ b/client/src/assets/player/utils.ts | |||
| @@ -92,6 +92,7 @@ function buildVideoLink (time?: number) { | |||
| 92 | 92 | ||
| 93 | function buildVideoEmbed (embedUrl: string) { | 93 | function buildVideoEmbed (embedUrl: string) { |
| 94 | return '<iframe width="560" height="315" ' + | 94 | return '<iframe width="560" height="315" ' + |
| 95 | 'sandbox="allow-same-origin allow-scripts" ' + | ||
| 95 | 'src="' + embedUrl + '" ' + | 96 | 'src="' + embedUrl + '" ' + |
| 96 | 'frameborder="0" allowfullscreen>' + | 97 | 'frameborder="0" allowfullscreen>' + |
| 97 | '</iframe>' | 98 | '</iframe>' |
diff --git a/server/controllers/services.ts b/server/controllers/services.ts index a58a5b8cf..1f82db9c4 100644 --- a/server/controllers/services.ts +++ b/server/controllers/services.ts | |||
| @@ -45,7 +45,7 @@ function generateOEmbed (req: express.Request, res: express.Response, next: expr | |||
| 45 | thumbnailUrl = undefined | 45 | thumbnailUrl = undefined |
| 46 | } | 46 | } |
| 47 | 47 | ||
| 48 | const html = `<iframe width="${embedWidth}" height="${embedHeight}" src="${embedUrl}" frameborder="0" allowfullscreen></iframe>` | 48 | const html = `<iframe width="${embedWidth}" height="${embedHeight}" sandbox="allow-same-origin allow-scripts" src="${embedUrl}" frameborder="0" allowfullscreen></iframe>` |
| 49 | 49 | ||
| 50 | const json: any = { | 50 | const json: any = { |
| 51 | type: 'video', | 51 | type: 'video', |