@@ -2500,8 +2500,8 @@ func customXssPolicy() (p *bluemonday.Policy) {
// iframe
p.AllowElements("iframe")
- p.AllowAttrs("width").Matching(bluemonday.Number).OnElements("iframe")
- p.AllowAttrs("height").Matching(bluemonday.Number).OnElements("iframe")
+ p.AllowAttrs("width").OnElements("iframe")
+ p.AllowAttrs("height").OnElements("iframe")
p.AllowAttrs("src").OnElements("iframe")
p.AllowAttrs("frameborder").Matching(bluemonday.Number).OnElements("iframe")
p.AllowAttrs("allow").Matching(regexp.MustCompile(`[a-z; -]*`)).OnElements("iframe")
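Review bot: Dropping `.Matching(bluemonday.Number)` from the `width` and `height` lines leaves both iframe attributes with no value constraint, so the policy now accepts any string there. If the goal is to accept percentage sizes, a narrower matcher keeps the allowlist tight: `p.AllowAttrs("width", "height").Matching(bluemonday.NumberOrPercent).OnElements("iframe")`. The `allow` context line in the same hunk appears to have a similar gap, because `[a-z; -]*` is unanchored and can match an empty substring of any value; `^[a-z; -]*$` would make it an actual restriction. customXssPolicy starts and continues outside this hunk, so whether the unconstrained `src` is limited elsewhere (for example by a URL scheme policy) cannot be confirmed from here.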