#3500: Sandbox all iFrames in PocoDoc

2026-01-12 00:04:54 +08:00 · 2022-04-01 12:20:22 +02:00
parent 5a0b18246b
commit 4ca3f5ca02
2 changed files with 2 additions and 2 deletions
--- a/PocoDoc/resources/index.thtml
+++ b/PocoDoc/resources/index.thtml
@@ -16,7 +16,7 @@ ${PocoDoc.customHeadHTML}
 </div>
 <div class="body">
 <div id="navigation">
-<iframe src="navigation.html" onload="iFrameResize(this);" scrolling="no"></iframe>
+<iframe sandbox src="navigation.html" onload="iFrameResize(this);" scrolling="no"></iframe>
 </div>
 <div id="content">
 <h2>User Guides And Tutorials</h2>
--- a/PocoDoc/src/DocWriter.cpp
+++ b/PocoDoc/src/DocWriter.cpp
@@ -808,7 +808,7 @@ void DocWriter::writeNavigationFrame(std::ostream& ostr, const std::string& grou
 		query += item;
 	}
 	ostr << "<div id=\"navigation\">\n";
-	ostr << "<iframe src=\"navigation.html" << query << "\" onload=\"iFrameResize(this);\" scrolling=\"no\"></iframe>\n";
+	ostr << "<iframe sandbox src=\"navigation.html" << query << "\" onload=\"iFrameResize(this);\" scrolling=\"no\"></iframe>\n";
 	ostr << "</div>\n";
 }