diff options
author | Chocobozzz <me@florianbigard.com> | 2021-10-11 11:13:06 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2021-10-11 11:13:27 +0200 |
commit | bdb1dfc17653ca327c2656922a651762fd222a24 (patch) | |
tree | fbc175cab61f6147dabeccaee889c00da48c2a17 /client/src/assets/player | |
parent | 9b513232ac916e963a3ad85a0cef777638143b70 (diff) | |
download | PeerTube-bdb1dfc17653ca327c2656922a651762fd222a24.tar.gz PeerTube-bdb1dfc17653ca327c2656922a651762fd222a24.tar.zst PeerTube-bdb1dfc17653ca327c2656922a651762fd222a24.zip |
Safer iframe creation
Diffstat (limited to 'client/src/assets/player')
-rw-r--r-- | client/src/assets/player/utils.ts | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/client/src/assets/player/utils.ts b/client/src/assets/player/utils.ts index f2e9adb14..cbca1065f 100644 --- a/client/src/assets/player/utils.ts +++ b/client/src/assets/player/utils.ts | |||
@@ -1,4 +1,3 @@ | |||
1 | import { escapeHTML } from '@shared/core-utils/renderer' | ||
2 | import { VideoFile } from '@shared/models' | 1 | import { VideoFile } from '@shared/models' |
3 | 2 | ||
4 | function toTitleCase (str: string) { | 3 | function toTitleCase (str: string) { |
@@ -44,14 +43,15 @@ function isMobile () { | |||
44 | } | 43 | } |
45 | 44 | ||
46 | function buildVideoOrPlaylistEmbed (embedUrl: string, embedTitle: string) { | 45 | function buildVideoOrPlaylistEmbed (embedUrl: string, embedTitle: string) { |
47 | const title = escapeHTML(embedTitle) | 46 | const iframe = document.createElement('iframe') |
48 | 47 | ||
49 | return '<iframe width="560" height="315" ' + | 48 | iframe.title = embedTitle |
50 | 'sandbox="allow-same-origin allow-scripts allow-popups" ' + | 49 | iframe.src = embedUrl |
51 | 'title="' + title + '" ' + | 50 | iframe.frameBorder = '0' |
52 | 'src="' + embedUrl + '" ' + | 51 | iframe.allowFullscreen = true |
53 | 'frameborder="0" allowfullscreen>' + | 52 | iframe.sandbox.add('allow-same-origin', 'allow-scripts', 'allow-popups') |
54 | '</iframe>' | 53 | |
54 | return iframe.outerHTML | ||
55 | } | 55 | } |
56 | 56 | ||
57 | function videoFileMaxByResolution (files: VideoFile[]) { | 57 | function videoFileMaxByResolution (files: VideoFile[]) { |