mirror of
https://github.com/element-hq/element-web.git
synced 2024-11-30 23:31:28 +03:00
Lint correctly
This commit is contained in:
parent
53316a76f4
commit
918f5abe81
1 changed files with 8 additions and 6 deletions
|
@ -119,15 +119,17 @@ export default React.createClass({
|
|||
<div> Loading... </div>
|
||||
);
|
||||
} else {
|
||||
// Note that there is advice saying allow-scripts shouldn;t be used with allow-same-origin
|
||||
// because that would allow the iframe to prgramatically remove the sandbox attribute, but
|
||||
// this would only be for content hosted on the same origin as the riot client: anything
|
||||
// hosted on the same origin as the client will get the same access access as if you clicked
|
||||
// a link to it.
|
||||
const sandboxFlags = "allow-forms allow-popups allow-popups-to-escape-sandbox "+
|
||||
"allow-same-origin allow-scripts";
|
||||
appTileBody = (
|
||||
<div className="mx_AppTileBody">
|
||||
// Note that there is advice saying allow-scripts shouldn;t be used with allow-same-origin
|
||||
// because that would allow the iframe to prgramatically remove the sandbox attribute, but
|
||||
// this would only be for content hosted on the same origin as the riot client: anything
|
||||
// hosted on the same origin as the client will get the same access access as if you clicked
|
||||
// a link to it.
|
||||
<iframe ref="appFrame" src={this.state.widgetUrl} allowFullScreen="true"
|
||||
sandbox="allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts"
|
||||
sandbox={sandboxFlags}
|
||||
></iframe>
|
||||
</div>
|
||||
);
|
||||
|
|
Loading…
Reference in a new issue