fix: Gist embed allowing unsafe html (#7883)

David Luzar 2024-04-12 12:57:43 +02:00 committed by GitHub
parent f597bd3e01
commit 0ae9b383d6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 27 additions and 46 deletions


@ -1212,7 +1212,9 @@ class App extends React.Component<AppProps, AppState> {
title="Excalidraw Embedded Content"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowFullScreen={true}
sandbox="allow-same-origin allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox allow-presentation allow-downloads"
sandbox={`${
src?.sandbox?.allowSameOrigin ? "allow-same-origin" : ""
} allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox allow-presentation allow-downloads`}
/>
)}
</div>
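Review bot: The new conditional on `src?.sandbox?.allowSameOrigin` carries the whole fix, but nothing at the `sandbox` attribute explains why the token is opt-in, and the code that sets the flag is outside this hunk. When `allow-same-origin` is combined with `allow-scripts`, framed content that shares the embedder's origin (presumably the markup generated for Gist embeds) can script the host page and remove its own sandbox. A comment such as `// allow-same-origin only for trusted cross-origin embeds; never for markup we generate, since with allow-scripts it would void the sandbox` would help keep later embed sources from enabling it by habit. Separately, `allow-popups-to-escape-sandbox` is still granted unconditionally, so a popup opened from an untrusted embed runs unsandboxed; consider gating that token on the same kind of per-source flag. The enclosing JSX element starts before the hunk.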