Skip to content

Instantly share code, notes, and snippets.

@terjanq
Created Oct 22, 2021
Embed
What would you like to do?
Fix unintended solution
diff --git a/public/index.php b/public/index.php
index 2849715..b94efea 100644
--- a/public/index.php
+++ b/public/index.php
@@ -3,7 +3,7 @@ isset($_GET['source']) && highlight_file(__FILE__) && die();
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
-
+header("Content-Security-Policy: frame-src 'self'");
session_name('__Host-PHPSESSID');
session_set_cookie_params(60, '/; samesite=Lax', "", true, true);
session_start();
@@ -94,7 +94,9 @@ if (!isset($_SESSION['id'])) {
function onChange() {
const dirty = textarea.value;
localStorage.setItem("html", dirty);
- cleanHTML = DOMPurify.sanitize(dirty);
+ cleanHTML = DOMPurify.sanitize(dirty, {
+ FORBID_TAGS: ['style','svg','math']
+ });
iframe.contentWindow.postMessage({
identifier,
type: 'render',
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment