Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-07-29 11:02:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(webview): set up some sandboxing for <iframe>

Browse Source
This commit is contained in:
Elian Doran 2025-02-17 21:49:24 +02:00
parent 59b474df35
commit ef3a75d58e
No known key found for this signature in database
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/public/app/widgets/type_widgets/web_view.ts
View File

@ -5,8 +5,6 @@ import type FNote from "../../entities/fnote.js";
import type { EventData } from "../../components/app_context.js";
import utils from "../../services/utils.js";
const el = utils.isElectron() ? "webview" : "iframe";
const TPL = `
<div class="note-detail-web-view note-detail-printable" style="height: 100%">
<div class="note-detail-web-view-help alert alert-warning" style="margin: 50px; padding: 20px 20px 0px 20px;">
@ -21,9 +19,17 @@ const TPL = `
<p>${t("web_view.experimental_note")}</p>
</div>
<${el} class="note-detail-web-view-content"></${el}>
${buildElement()}
</div>`;
function buildElement() {
if (!utils.isElectron()) {
return `<iframe class="note-detail-web-view-content" sandbox="allow-same-origin allow-scripts"></iframe>`;
} else {
return `<webview class="note-detail-web-view-content"></webview>`;
}
}
export default class WebViewTypeWidget extends TypeWidget {
private $noteDetailWebViewHelp!: JQuery<HTMLElement>;