Disallow iframe srcdoc for now (#7494) - FreshRSS (Customized) - Customized version of FreshRSS, a self-hosted RSS feed aggregator

diff options

author	Alexandre Alapetite <alexandre@alapetite.fr>	2025-04-06 00:47:45 +0200
committer	GitHub <noreply@github.com>	2025-04-06 00:47:45 +0200
commit	54e2f9107d03c5b3bb260f38fdb2736bce449fd4 (patch)
tree	75a1735e7761f0aca6d7d7084443c013aad9efdf /lib/core-extensions/UserCSS/extension.php
parent	d858053a7c70b3fee0fe407420ff8bd1466d5de2 (diff)

Disallow iframe srcdoc for now (#7494)

We do not sanitize this attribute well enough, so striped for now. It is rarely used: I have not seen any use of it in any of my many test feeds. Can be added back when we can handle its inherent security issues better.

Diffstat (limited to 'lib/core-extensions/UserCSS/extension.php')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: