terjanq/change.diff Secret

## change.diff
diff --git a/public/index.php b/public/index.php
index 2849715..b94efea 100644
--- a/public/index.php
+++ b/public/index.php
@@ -3,7 +3,7 @@ isset($_GET['source']) && highlight_file(__FILE__) && die();

 header('X-Content-Type-Options: nosniff');
 header('X-Frame-Options: DENY');
-
+header("Content-Security-Policy: frame-src 'self'");
 session_name('__Host-PHPSESSID');
 session_set_cookie_params(60, '/; samesite=Lax', "", true, true);
 session_start();
@@ -94,7 +94,9 @@ if (!isset($_SESSION['id'])) {
         function onChange() {
             const dirty = textarea.value;
             localStorage.setItem("html", dirty);
-            cleanHTML = DOMPurify.sanitize(dirty);
+            cleanHTML = DOMPurify.sanitize(dirty, {
+                    FORBID_TAGS: ['style','svg','math']
+                });
             iframe.contentWindow.postMessage({
                 identifier,
                 type: 'render',
	diff --git a/public/index.php b/public/index.php
	index 2849715..b94efea 100644
	--- a/public/index.php
	+++ b/public/index.php
	@@ -3,7 +3,7 @@ isset($_GET['source']) && highlight_file(__FILE__) && die();

	header('X-Content-Type-Options: nosniff');
	header('X-Frame-Options: DENY');
	-
	+header("Content-Security-Policy: frame-src 'self'");
	session_name('__Host-PHPSESSID');
	session_set_cookie_params(60, '/; samesite=Lax', "", true, true);
	session_start();
	@@ -94,7 +94,9 @@ if (!isset($_SESSION['id'])) {
	function onChange() {
	const dirty = textarea.value;
	localStorage.setItem("html", dirty);
	- cleanHTML = DOMPurify.sanitize(dirty);
	+ cleanHTML = DOMPurify.sanitize(dirty, {
	+ FORBID_TAGS: ['style','svg','math']
	+ });
	iframe.contentWindow.postMessage({
	identifier,
	type: 'render',