From 4feed6239b2286a92050590ac27dac55454ca0e1 Mon Sep 17 00:00:00 2001
From: Moros Smith
Date: Mon, 6 May 2024 23:40:38 -0400
Subject: [PATCH 1/2] ensure iframes are created with a sandbox

---
 resources/js/app.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/resources/js/app.js b/resources/js/app.js
index 2069d0a..4da06fb 100644
--- a/resources/js/app.js
+++ b/resources/js/app.js
@@ -314,6 +314,7 @@ class PGEtinker
 let playerFrame = document.createElement('iframe');
 playerFrame.setAttribute("srcdoc", this.lastPlayerHtml);
+ playerFrame.setAttribute("sandbox", "allow-scripts");
 document.querySelector("#player-panel .iframe-container").append(playerFrame);
 playerFrame.classList.toggle("display-block", true);
@@ -524,6 +525,7 @@ class PGEtinker
 {
 let playerFrame = document.createElement('iframe');
 playerFrame.setAttribute("srcdoc", this.lastPlayerHtml);
+ playerFrame.setAttribute("sandbox", "allow-scripts");
 document.querySelector("#player-panel .iframe-container").append(playerFrame);
 playerFrame.classList.toggle("display-block", true);

From e15a70e052796ecf66773ff6349076a0dde428ef Mon Sep 17 00:00:00 2001
From: Moros Smith
Date: Mon, 6 May 2024 23:41:59 -0400
Subject: [PATCH 2/2] update changelog

---
 CHANGELOG.md | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 25cd8f3..2a50f5c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,14 +4,12 @@ All notable changes to this project will be documented in this file. Each batch
 It is a summary of changes that would be pertinent to the end user of the PGEtinker website. For a comprehensive history of changes made to the project, please refer to the repository's commit history. -## 2024-05-06 (2) - - Fixed bug with supporter wall - ## 2024-05-06 - Added cloudflare analytics and disclosure - Added supporter wall +- Fixed bug with supporter wall +- Fixed security flaw. iframes weren't created with sandbox ## 2024-05-05
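Review bot: The iframe construction that both hunks patch (the `@@ -314` and `@@ -524` hunks of resources/js/app.js) is the same four lines copied twice, which is how the sandbox attribute came to be missing in the first place; moving it into one helper on the class would make a third unsandboxed copy impossible. The helper should also carry a comment stating why the attribute must stay at `allow-scripts` alone: with srcdoc content, adding `allow-same-origin` would give the user-supplied script this page's origin (DOM, cookies, storage) and undo the fix. Setting `sandbox` before `srcdoc` is a cheap ordering safeguard; it likely makes no difference today because the srcdoc navigation should not start until the element is appended, but it keeps the frame from ever existing without a sandbox. Both call sites would then become `let playerFrame = this.createPlayerFrame();`; the methods that contain the two hunks start and end outside them.
```javascript
    // Builds the sandboxed player iframe. Keep sandbox at "allow-scripts" only:
    // with srcdoc content, adding "allow-same-origin" would let the user's code
    // run in this page's origin (DOM, cookies, storage) and undo the sandbox.
    createPlayerFrame()
    {
        let playerFrame = document.createElement('iframe');
        playerFrame.setAttribute("sandbox", "allow-scripts");
        playerFrame.setAttribute("srcdoc", this.lastPlayerHtml);
        return playerFrame;
    }
```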