fix: security html module removes allow attribute from iframes (#2354)

* fix: secure html module removes allowfullscreen, allow and frameborder attributes from iframes * Apply suggestions from code review fix: remove deprecated attributes for iframe in secure html module Co-authored-by: Nicolas Giard <github@ngpixel.com>

fix: security html module removes allow attribute from iframes (#2354)
79c5b8fa · Иван · GitHub · 660b78d9 · 79c5b8fa
Unverified Commit 79c5b8fa authored Sep 13, 2020 by Иван Committed by GitHub Sep 13, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

renderer.js server/modules/rendering/html-security/renderer.js +1 -0

No files found.
--- a/server/modules/rendering/html-security/renderer.js
+++ b/server/modules/rendering/html-security/renderer.js
@@ -29,6 +29,7 @@ module.exports = {

      if (config.allowIFrames) {
        allowedTags.push('iframe')
+        allowedAttrs.push('allow')
      }

      input = DOMPurify.sanitize(input, {