fix: security html module removes allow attribute from iframes (#2354)
* fix: secure html module removes allowfullscreen, allow and frameborder attributes from iframes * Apply suggestions from code review fix: remove deprecated attributes for iframe in secure html module Co-authored-by: Nicolas Giard <github@ngpixel.com>
This commit is contained in:
parent
660b78d9e2
commit
79c5b8fac2
@ -29,6 +29,7 @@ module.exports = {
|
|||||||
|
|
||||||
if (config.allowIFrames) {
|
if (config.allowIFrames) {
|
||||||
allowedTags.push('iframe')
|
allowedTags.push('iframe')
|
||||||
|
allowedAttrs.push('allow')
|
||||||
}
|
}
|
||||||
|
|
||||||
input = DOMPurify.sanitize(input, {
|
input = DOMPurify.sanitize(input, {
|
||||||
|
Loading…
Reference in New Issue
Block a user