From bdb1dfc17653ca327c2656922a651762fd222a24 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Mon, 11 Oct 2021 11:13:06 +0200
Subject: Safer iframe creation

---
 client/src/assets/player/utils.ts | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'client')

diff --git a/client/src/assets/player/utils.ts b/client/src/assets/player/utils.ts
index f2e9adb14..cbca1065f 100644
--- a/client/src/assets/player/utils.ts
+++ b/client/src/assets/player/utils.ts
@@ -1,4 +1,3 @@
-import { escapeHTML } from '@shared/core-utils/renderer'
 import { VideoFile } from '@shared/models'
 
 function toTitleCase (str: string) {
@@ -44,14 +43,15 @@ function isMobile () {
 }
 
 function buildVideoOrPlaylistEmbed (embedUrl: string, embedTitle: string) {
- const title = escapeHTML(embedTitle)
-
- return ''
+ const iframe = document.createElement('iframe')
+
+ iframe.title = embedTitle
+ iframe.src = embedUrl
+ iframe.frameBorder = '0'
+ iframe.allowFullscreen = true
+ iframe.sandbox.add('allow-same-origin', 'allow-scripts', 'allow-popups')
+
+ return iframe.outerHTML
 }
 
 function videoFileMaxByResolution (files: VideoFile[]) {
-- 
cgit v1.2.3
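Review bot: The sandbox token set on the new `iframe.sandbox.add(...)` line combines `allow-same-origin` with `allow-scripts`, and a document that is same-origin with the embedding page can then reach up and remove its own `sandbox` attribute, so the sandbox provides no isolation for same-origin embeds; whether `embedUrl` is ever same-origin is not visible in this hunk, so this should be confirmed by the callers. It is worth a comment stating the intent, e.g. `// allow-same-origin + allow-scripts is only safe for cross-origin embed URLs; same-origin content can drop the sandbox` above that line. `embedUrl` is also assigned to `src` without any scheme check, and the serialized string presumably goes back through innerHTML elsewhere; if callers can pass arbitrary URLs, a guard such as `if (!/^https?:/i.test(embedUrl)) throw new Error('embed URL must be http(s)')` before the assignment would bound the risk. Relying on DOM property assignment plus `outerHTML` for attribute escaping (instead of the removed `escapeHTML`) is sound, and a one-line TSDoc on `buildVideoOrPlaylistEmbed` saying that this is why the element is built via the DOM would stop a later maintainer from reverting to string concatenation.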