From: Claire <claire.github-309c@sitedethib.com>
Date: Wed, 7 Jun 2023 09:08:38 +0000 (+0200)
Subject: Add `sandbox` attribute to preview card iframes
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=2eac8e7fc2c9a7b30afeef7c833ae55071d9689b;p=mastodon.git

Add `sandbox` attribute to preview card iframes

Signed-off-by: Claire <claire.github-309c@sitedethib.com>
---

diff --git a/lib/sanitize_ext/sanitize_config.rb b/lib/sanitize_ext/sanitize_config.rb
index d894ab4fa..8479458cf 100644
--- a/lib/sanitize_ext/sanitize_config.rb
+++ b/lib/sanitize_ext/sanitize_config.rb
@@ -130,6 +130,10 @@ class Sanitize
         'embed'  => { 'src' => HTTP_PROTOCOLS },
         'iframe' => { 'src' => HTTP_PROTOCOLS },
         'source' => { 'src' => HTTP_PROTOCOLS },
+      },
+
+      add_attributes: {
+        'iframe' => { 'sandbox' => 'allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-forms' },
       }
     )