yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Sanitize url missing in editor embeds and widgets

Browse Source
This commit is contained in:
Tom Moor
2023-07-06 21:38:02 -04:00
parent ff1bc5db2a
commit a75d6b298e
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
shared/editor/components/Frame.tsx
View File

@@ -5,6 +5,7 @@ import * as React from "react";
import styled from "styled-components";
import { Optional } from "utility-types";
import { s } from "../../styles";
import { sanitizeUrl } from "../../utils/urls";
type Props = Omit<Optional<HTMLIFrameElement>, "children"> & {
src?: string;
@@ -81,7 +82,7 @@ class Frame extends React.Component<PropsWithRef> {
frameBorder="0"
title="embed"
loading="lazy"
src={src}
src={sanitizeUrl(src)}
referrerPolicy={referrerPolicy}
allowFullScreen
/>