OpenCloud
/
element-web
mirror of https://github.com/vector-im/element-web
1
0
Fork 0
Code Issues Releases Wiki Activity

Lint correctly

pull/21833/head
David Baker 2017-07-12 10:34:50 +01:00
parent 53316a76f4
commit 918f5abe81
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/components/views/elements/AppTile.js
View File

@ -119,15 +119,17 @@ export default React.createClass({
<div> Loading... </div> <div> Loading... </div>
); );
} else { } else {
// Note that there is advice saying allow-scripts shouldn;t be used with allow-same-origin
// because that would allow the iframe to prgramatically remove the sandbox attribute, but
// this would only be for content hosted on the same origin as the riot client: anything
// hosted on the same origin as the client will get the same access access as if you clicked
// a link to it.
const sandboxFlags = "allow-forms allow-popups allow-popups-to-escape-sandbox "+
"allow-same-origin allow-scripts";
appTileBody = ( appTileBody = (
<div className="mx_AppTileBody"> <div className="mx_AppTileBody">
// Note that there is advice saying allow-scripts shouldn;t be used with allow-same-origin
// because that would allow the iframe to prgramatically remove the sandbox attribute, but
// this would only be for content hosted on the same origin as the riot client: anything
// hosted on the same origin as the client will get the same access access as if you clicked
// a link to it.
<iframe ref="appFrame" src={this.state.widgetUrl} allowFullScreen="true" <iframe ref="appFrame" src={this.state.widgetUrl} allowFullScreen="true"
sandbox="allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts" sandbox={sandboxFlags}
></iframe> ></iframe>
</div> </div>
); );