diff options
| -rw-r--r-- | client/src/assets/player/utils.ts | 1 | ||||
| -rw-r--r-- | server/controllers/services.ts | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/client/src/assets/player/utils.ts b/client/src/assets/player/utils.ts index b7cd40aa2..18a6b4dfa 100644 --- a/client/src/assets/player/utils.ts +++ b/client/src/assets/player/utils.ts | |||
| @@ -92,6 +92,7 @@ function buildVideoLink (time?: number) { | |||
| 92 | 92 | ||
| 93 | function buildVideoEmbed (embedUrl: string) { | 93 | function buildVideoEmbed (embedUrl: string) { |
| 94 | return '<iframe width="560" height="315" ' + | 94 | return '<iframe width="560" height="315" ' + |
| 95 | 'sandbox="allow-same-origin allow-scripts" ' + | ||
| 95 | 'src="' + embedUrl + '" ' + | 96 | 'src="' + embedUrl + '" ' + |
| 96 | 'frameborder="0" allowfullscreen>' + | 97 | 'frameborder="0" allowfullscreen>' + |
| 97 | '</iframe>' | 98 | '</iframe>' |
diff --git a/server/controllers/services.ts b/server/controllers/services.ts index a58a5b8cf..1f82db9c4 100644 --- a/server/controllers/services.ts +++ b/server/controllers/services.ts | |||
| @@ -45,7 +45,7 @@ function generateOEmbed (req: express.Request, res: express.Response, next: expr | |||
| 45 | thumbnailUrl = undefined | 45 | thumbnailUrl = undefined |
| 46 | } | 46 | } |
| 47 | 47 | ||
| 48 | const html = `<iframe width="${embedWidth}" height="${embedHeight}" src="${embedUrl}" frameborder="0" allowfullscreen></iframe>` | 48 | const html = `<iframe width="${embedWidth}" height="${embedHeight}" sandbox="allow-same-origin allow-scripts" src="${embedUrl}" frameborder="0" allowfullscreen></iframe>` |
| 49 | 49 | ||
| 50 | const json: any = { | 50 | const json: any = { |
| 51 | type: 'video', | 51 | type: 'video', |