OpenCloud
/
element-web
mirror of https://github.com/vector-im/element-web
1
0
Fork 0
Code Issues Releases Wiki Activity

Lint correctly

pull/21833/head
David Baker 2017-07-12 10:34:50 +01:00
parent 53316a76f4
commit 918f5abe81
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/components/views/elements/AppTile.js
View File

@ -119,15 +119,17 @@ export default React.createClass({
<div> Loading... </div>
);
} else {
// Note that there is advice saying allow-scripts shouldn;t be used with allow-same-origin
// because that would allow the iframe to prgramatically remove the sandbox attribute, but
// this would only be for content hosted on the same origin as the riot client: anything
// hosted on the same origin as the client will get the same access access as if you clicked
// a link to it.
const sandboxFlags = "allow-forms allow-popups allow-popups-to-escape-sandbox "+
"allow-same-origin allow-scripts";
appTileBody = (
<div className="mx_AppTileBody">
// Note that there is advice saying allow-scripts shouldn;t be used with allow-same-origin
// because that would allow the iframe to prgramatically remove the sandbox attribute, but
// this would only be for content hosted on the same origin as the riot client: anything
// hosted on the same origin as the client will get the same access access as if you clicked
// a link to it.
<iframe ref="appFrame" src={this.state.widgetUrl} allowFullScreen="true"
sandbox="allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts"
sandbox={sandboxFlags}
></iframe>
</div>
);