Sandbox toot embeds in the embed modal
It should not be necessary thanks to our Content Security Policy, but best be sure in case a server's CSP is incorrect. Also, avoids a CSP warning about loading remote scripts.
This commit is contained in:
parent
30de4e4dfc
commit
36d27e2891
1 changed files with 1 additions and 0 deletions
|
@ -74,6 +74,7 @@ export default class EmbedModal extends ImmutablePureComponent {
|
|||
className='embed-modal__iframe'
|
||||
frameBorder='0'
|
||||
ref={this.setIframeRef}
|
||||
sandbox='allow-same-origin'
|
||||
title='preview'
|
||||
/>
|
||||
</div>
|
||||
|
|
Loading…
Reference in a new issue