Commit 197451f

Force the contents to be executed in a sandbox
1 parent a110e03 commit 197451f

4 files changed

+4
-0
lines changed

ts/WoltLabSuite/Core/Ajax/Error.ts

Lines changed: 1 addition & 0 deletions
@@ -93,6 +93,7 @@ async function getErrorHtml(error: ApiError): Promise<string | HTMLIFrameElement
9393
// The content is possibly HTML, use an iframe for rendering.
9494
const iframe = document.createElement("iframe");
9595
iframe.classList.add("dialog__iframe");
96+
iframe.sandbox = "";
9697
iframe.srcdoc = message;
9798

9899
return iframe;
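
Review bot: The added `iframe.sandbox = "";` in getErrorHtml() carries no comment saying the empty value is deliberate, and on its own it reads like a no-op assignment. An empty sandbox attribute applies every restriction (no script execution, no form submission, unique origin), which is what `message` needs here. Extend the existing comment above `document.createElement("iframe")` to say the content is untrusted and that the token list is intentionally empty, so that nobody later relaxes it with `allow-scripts` or `allow-same-origin`. Keeping the assignment ahead of `iframe.srcdoc = message;`, as it is now, is the right order.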

ts/WoltLabSuite/Core/Ajax/Request.ts

Lines changed: 1 addition & 0 deletions
@@ -350,6 +350,7 @@ class AjaxRequest {
350350
// The content is possibly HTML, use an iframe for rendering.
351351
const iframe = document.createElement("iframe");
352352
iframe.classList.add("dialog__iframe");
353+
iframe.sandbox = "";
353354
iframe.srcdoc = xhr.responseText;
354355

355356
return iframe;
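
Review bot: The iframe setup around `iframe.sandbox = "";` in AjaxRequest duplicates the sequence in Error.ts line for line, differing only in the source (`xhr.responseText` here, `message` there), so the sandbox had to be added by hand in both places. Move the createElement / classList / sandbox / srcdoc steps into one shared helper that both call sites use. That way a future caller cannot render a response body in `dialog__iframe` without the sandbox.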

wcfsetup/install/files/js/WoltLabSuite/Core/Ajax/Error.js

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

wcfsetup/install/files/js/WoltLabSuite/Core/Ajax/Request.js

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
