fix: fix xss problem when render iframe
moonrailgun committed Nov 23, 2024
1 parent d57a878 commit c1365f2
Showing 1 changed file with 5 additions and 0 deletions.
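--- a/client/web/src/components/Markdown/render.tsx
+++ b/client/web/src/components/Markdown/render.tsx
@@ -46,6 +46,11 @@ export const Markdown: React.FC<{
 ),
 iframe: (props) => {
 let src = props.src;
+
+if (src?.includes('javascript')) {
+return <div>not support run javascript</div>;
+}
+
 if (src && src.includes('?')) {
 src += '&autoplay=0'; // make sure media autoplay is false
 }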
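Review bot: The new guard `src?.includes('javascript')` is a case-sensitive substring test, not a scheme check. It rejects ordinary https URLs that merely contain the word, and it does not cover other spellings of the scheme or other non-HTTP schemes such as `data:`. An allowlist is more robust: resolve `src` with `new URL()` and render the iframe only when the protocol is `http:` or `https:`, as sketched below. The iframe renderer continues past the end of the hunk, so it is not visible here whether the rendered element sets a `sandbox` attribute; that is worth confirming as a second layer.

```tsx
iframe: (props) => {
  let src = props.src;

  if (src) {
    let protocol = '';
    try {
      // Resolve relative values against the page so only the final scheme is judged.
      protocol = new URL(src, window.location.href).protocol;
    } catch {
      protocol = ''; // unparsable src is treated as not allowed
    }
    if (protocol !== 'http:' && protocol !== 'https:') {
      return <div>not support run javascript</div>;
    }
  }
  // … unchanged: autoplay handling …
```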