authorChocobozzz <me@florianbigard.com>2021-10-11 11:13:06 +0200
committerChocobozzz <me@florianbigard.com>2021-10-11 11:13:27 +0200
commitbdb1dfc17653ca327c2656922a651762fd222a24 (patch)
treefbc175cab61f6147dabeccaee889c00da48c2a17 /client/src
parent9b513232ac916e963a3ad85a0cef777638143b70 (diff)
Safer iframe creation
Diffstat (limited to 'client/src')
-rw-r--r--client/src/assets/player/utils.ts18
1 files changed, 9 insertions, 9 deletions
diff --git a/client/src/assets/player/utils.ts b/client/src/assets/player/utils.ts
index f2e9adb14..cbca1065f 100644
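--- a/client/src/assets/player/utils.ts
+++ b/client/src/assets/player/utils.ts
@@ -1,4 +1,3 @@
-import { escapeHTML } from '@shared/core-utils/renderer'
 import { VideoFile } from '@shared/models'
 
 function toTitleCase (str: string) {
@@ -44,14 +43,15 @@ function isMobile () {
 }
 
 function buildVideoOrPlaylistEmbed (embedUrl: string, embedTitle: string) {
- const title = escapeHTML(embedTitle)
-
- return '<iframe width="560" height="315" ' +
- 'sandbox="allow-same-origin allow-scripts allow-popups" ' +
- 'title="' + title + '" ' +
- 'src="' + embedUrl + '" ' +
- 'frameborder="0" allowfullscreen>' +
- '</iframe>'
+ const iframe = document.createElement('iframe')
+
+ iframe.title = embedTitle
+ iframe.src = embedUrl
+ iframe.frameBorder = '0'
+ iframe.allowFullscreen = true
+ iframe.sandbox.add('allow-same-origin', 'allow-scripts', 'allow-popups')
+
+ return iframe.outerHTML
 }
 
 function videoFileMaxByResolution (files: VideoFile[]) {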
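Review bot: The rebuilt iframe in `buildVideoOrPlaylistEmbed` no longer carries the `width="560" height="315"` attributes that the removed string template emitted, so pasted embed codes fall back to the browser's default iframe size; add `iframe.width = '560'` and `iframe.height = '315'` before `return iframe.outerHTML`. Serialising through `outerHTML` escapes both `embedTitle` and `embedUrl` as attribute values, which closes the attribute-breakout gap left by concatenating the unescaped `embedUrl`, but the scheme of `embedUrl` is still not checked at `iframe.src = embedUrl`. If any caller can pass a value that is not built from the instance's own origin (the callers are not visible in this hunk), reject anything other than `http:`/`https:` before assigning it, and state that expectation in a comment on the function.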