Commit 9a327dc

committed

fix: only allow http link in iframe render

1 parent c1365f2 commit 9a327dcCopy full SHA for 9a327dc

File tree

-2

lines changed

-2

lines changed

Lines changed: 6 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -47,8 +47,12 @@ export const Markdown: React.FC<{`
`47`	`47`	`iframe: (props) => {`
`48`	`48`	`let src = props.src;`
`49`	`49`
`50`		`- if (src?.includes('javascript')) {`
`51`		`- return <div>not support run javascript</div>;`
	`50`	`+ if (!src) {`
	`51`	`+ return <div />;`
	`52`	`+ }`
	`53`	`+`
	`54`	`+ if (!src.startsWith('http')) {`
	`55`	`+ return <div>only support http source</div>;`
`52`	`56`	`}`
`53`	`57`
`54`	`58`	`if (src && src.includes('?')) {`

Comments

(0)