refactor: use iframes for gist embedding instead of gist-embed

The used library gist-embed relies on GitHub Gist's JSONP
endpoint which is a risk for XSS injection. By adding untrusted
content from GitHub into the DOM it also follows very bad
practices. Using the iframe embedding has the disadvantage of
not having the proper height for the frame auto-loaded, but
the security benefits are worth it.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Erik Michelson 2025-04-08 00:03:48 +02:00
parent 4fdb7d8c4d
commit c73fbc9217
No known key found for this signature in database
GPG key ID: DB99ADDDC5C0AF82
6 changed files with 8 additions and 23 deletions


@ -22,4 +22,3 @@ const $ = require('jquery')
window.jQuery = $
window.$ = $
require('bootstrap')
require('gist-embed/gist-embed.min')
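Review bot: dropping the `require('gist-embed/gist-embed.min')` line removes the loader from this entry point but leaves the package installed; remove `gist-embed` from package.json and the lockfile in the same change so the JSONP-based code cannot be pulled back in by another module (the commit touches 6 files, so confirm the dependency files are among them). Since `window.jQuery = $` and `window.$ = $` are still exported just above, also check that no remaining code relies on the jQuery plugin hooks the library attached at load time.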