From d7bdded88f20bb402b9a9174d7d02f5e3489a4b4 Mon Sep 17 00:00:00 2001
From: dtonon
Date: Thu, 13 Jun 2024 23:28:27 +0200
Subject: [PATCH] Filter out iframe tag on markdown rendering
---
 utils.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/utils.go b/utils.go
index 34307ee..0b255ec 100644
--- a/utils.go
+++ b/utils.go
@@ -338,10 +338,9 @@ func sanitizeXSS(html string) string {
 p := bluemonday.UGCPolicy()
 p.AllowStyling()
 p.RequireNoFollowOnLinks(false)
- p.AllowElements("video", "source", "iframe")
+ p.AllowElements("video", "source")
 p.AllowAttrs("controls", "width").OnElements("video")
 p.AllowAttrs("src", "width").OnElements("source")
- p.AllowAttrs("src", "frameborder").OnElements("iframe")
 return p.Sanitize(html)
 }
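Review bot: Nothing in sanitizeXSS records that leaving `iframe` out of `p.AllowElements("video", "source")` is deliberate, so a later "embed support" change could put it back unnoticed. I would add a comment above that call, `// iframe is deliberately not allowed: user-supplied markdown must not be able to embed framed third-party pages`, and a unit test asserting that the output of `sanitizeXSS` for input containing an `<iframe>` tag no longer contains `iframe`. Separately, the unchanged `p.AllowStyling()` line permits the `class` attribute on every element, which lets rendered user content pick up any of the site's own CSS classes; it is worth confirming that this is intended for untrusted markdown. The function's signature is visible only in the hunk header, so the function starts outside the hunk.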