
Support for custom content iframes

Open DIYgod opened this issue 2 years ago • 1 comments

From: https://enpitsulin.xlog.app/xlog-content-extend

Example: <iframe src="data:text/html;base64,PGh0bWwgc3R5bGU9IiI+DQo8aGVhZD4NCjxzY3JpcHQgdHlwZT0ibW9kdWxlIiBzcmM9Imh0dHBzOi8vY2RuLmpzZGVsaXZyLm5ldC9ucG0vd2MtZ2l0aHViLWNvcm5lcnNAbGF0ZXN0Ij48L3NjcmlwdD4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJiYWNrZ3JvdW5kLWNvbG9yOiB0cmFuc3BhcmVudDsiPg0KPGdpdGh1Yi1jb3JuZXJzIGJsYW5rPSJ0cnVlIj48L2dpdGh1Yi1jb3JuZXJzPg0KPC9ib2R5Pg0KPC9odG1sPg==" style="color-scheme: auto;"></iframe>

Uncertain whether it will bring security issues.

DIYgod avatar Apr 25 '23 15:04 DIYgod

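~~It feels like if base64 is allowed, being same-origin could easily lead to XSS~~

Or perhaps, when a data URL is detected, setting a sandbox attribute on the iframe would also work?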

daidr avatar Apr 25 '23 16:04 daidr
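
The check suggested in the comment above, as an added example that is not part of the original thread or of xLog's code: a tree walk that forces a fixed `sandbox` value on any iframe whose `src` is a data URL. The simplified hast-style node shape and the names `isDataUrl`, `sandboxDataIframes` and `SANDBOX_TOKENS` are assumptions for illustration.

```javascript
// Added example; node shape and all names are hypothetical, not xLog's API.
// Scripts may run, but without allow-same-origin the frame gets an opaque
// origin, and top navigation, popups and forms stay blocked.
const SANDBOX_TOKENS = "allow-scripts";

// Mirror URL-parser normalisation so obfuscated schemes are still caught:
// tab/CR/LF are dropped anywhere, leading C0 controls and spaces are
// trimmed, and the scheme is matched case-insensitively.
function isDataUrl(src) {
  if (typeof src !== "string") return false;
  const normalized = src
    .replace(/[\t\n\r]/g, "")
    .replace(/^[\u0000-\u0020]+/, "");
  return /^data:/i.test(normalized);
}

// Walk the tree and sandbox every iframe with a data: src.
// An author-supplied sandbox value is overwritten, never merged, so
// user content cannot re-enable allow-same-origin or top navigation.
function sandboxDataIframes(node) {
  if (node.type === "element" && node.tagName === "iframe") {
    const props = node.properties || (node.properties = {});
    if (isDataUrl(props.src)) props.sandbox = SANDBOX_TOKENS;
  }
  for (const child of node.children || []) sandboxDataIframes(child);
  return node;
}

// Constructed sample input: one data: iframe that tries to loosen its own
// sandbox, and one ordinary https embed that is left untouched.
const sampleTree = {
  type: "root",
  children: [
    { type: "element", tagName: "p", properties: {}, children: [
      { type: "element", tagName: "iframe", children: [], properties: {
        src: " DaTa:text/html;base64,PGI+aGk8L2I+",
        sandbox: "allow-scripts allow-same-origin allow-top-navigation" } },
    ] },
    { type: "element", tagName: "iframe", children: [],
      properties: { src: "https://example.com/embed" } },
  ],
};

sandboxDataIframes(sampleTree);
console.log(JSON.stringify(sampleTree, null, 2));
```
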