Diffstat (limited to 'vendor/github.com/microcosm-cc/bluemonday/sanitize.go')
-rw-r--r-- | vendor/github.com/microcosm-cc/bluemonday/sanitize.go | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
index 97628ce30..9bd91ab37 100644
--- a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
+++ b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
@@ -240,7 +240,7 @@ func (p *Policy) sanitize(r io.Reader, w io.Writer) error {
 // rather than:
 // p := bluemonday.NewPolicy()
 // If this is the case, and if they haven't yet triggered an action that
- // would initiliaze the maps, then we need to do that.
+ // would initialize the maps, then we need to do that.
 p.init()
 buff, ok := w.(stringWriterWriter)
@@ -809,6 +809,33 @@ attrsLoop:
 }
 }
+ if p.requireSandboxOnIFrame != nil && elementName == "iframe" {
+ var sandboxFound bool
+ for i, htmlAttr := range cleanAttrs {
+ if htmlAttr.Key == "sandbox" {
+ sandboxFound = true
+ var cleanVals []string
+ cleanValsSet := make(map[string]bool)
+ for _, val := range strings.Fields(htmlAttr.Val) {
+ if p.requireSandboxOnIFrame[val] {
+ if !cleanValsSet[val] {
+ cleanVals = append(cleanVals, val)
+ cleanValsSet[val] = true
+ }
+ }
+ }
+ cleanAttrs[i].Val = strings.Join(cleanVals, " ")
+ }
+ }
+
+ if !sandboxFound {
+ sandbox := html.Attribute{}
+ sandbox.Key = "sandbox"
+ sandbox.Val = ""
+ cleanAttrs = append(cleanAttrs, sandbox)
+ }
+ }
+
 return cleanAttrs
 } |