diff options
author | Rigel Kent <sendmemail@rigelk.eu> | 2018-06-10 18:20:19 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-06-11 17:18:04 +0200 |
commit | 77540346413259e4ec62ee8302e503bcd2a01047 (patch) | |
tree | dbb52d62018527c1b338a2f04607f6b6326e1902 /server | |
parent | 054a103b286277708a3a807a52da6cca12e1b0ce (diff) | |
download | PeerTube-77540346413259e4ec62ee8302e503bcd2a01047.tar.gz PeerTube-77540346413259e4ec62ee8302e503bcd2a01047.tar.zst PeerTube-77540346413259e4ec62ee8302e503bcd2a01047.zip |
(embed) sandbox the iframe
Diffstat (limited to 'server')
-rw-r--r-- | server/controllers/services.ts | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/server/controllers/services.ts b/server/controllers/services.ts index a58a5b8cf..1f82db9c4 100644 --- a/server/controllers/services.ts +++ b/server/controllers/services.ts | |||
@@ -45,7 +45,7 @@ function generateOEmbed (req: express.Request, res: express.Response, next: expr | |||
45 | thumbnailUrl = undefined | 45 | thumbnailUrl = undefined |
46 | } | 46 | } |
47 | 47 | ||
48 | const html = `<iframe width="${embedWidth}" height="${embedHeight}" src="${embedUrl}" frameborder="0" allowfullscreen></iframe>` | 48 | const html = `<iframe width="${embedWidth}" height="${embedHeight}" sandbox="allow-same-origin allow-scripts" src="${embedUrl}" frameborder="0" allowfullscreen></iframe>` |
49 | 49 | ||
50 | const json: any = { | 50 | const json: any = { |
51 | type: 'video', | 51 | type: 'video', |