Filter out iframe tag on markdown rendering

2025-12-17 14:24:27 +01:00 · 2024-06-13 23:28:27 +02:00
parent 93b9748ca4
commit d7bdded88f
1 changed files with 1 additions and 2 deletions
--- a/utils.go
+++ b/utils.go
@@ -338,10 +338,9 @@ func sanitizeXSS(html string) string {
 	p := bluemonday.UGCPolicy()
 	p.AllowStyling()
 	p.RequireNoFollowOnLinks(false)
-	p.AllowElements("video", "source", "iframe")
+	p.AllowElements("video", "source")
 	p.AllowAttrs("controls", "width").OnElements("video")
 	p.AllowAttrs("src", "width").OnElements("source")
-	p.AllowAttrs("src", "frameborder").OnElements("iframe")
 	return p.Sanitize(html)
 }