summaryrefslogtreecommitdiff
path: root/packages/frontend
diff options
context:
space:
mode:
authory.takahashi <eai@mizle.net>2023-11-22 10:19:30 +0900
committerGitHub <noreply@github.com>2023-11-22 10:19:30 +0900
commitc6ed06d783a2d49ca029cdf5284150bbfd3c9976 (patch)
tree4f1d39180b30ef199c1d23d4595c546d6adcb5a6 /packages/frontend
parentfix: verifymail.io APIの設定項目が反映されない (#12399) (diff)
downloadsharkey-c6ed06d783a2d49ca029cdf5284150bbfd3c9976.tar.gz
sharkey-c6ed06d783a2d49ca029cdf5284150bbfd3c9976.tar.bz2
sharkey-c6ed06d783a2d49ca029cdf5284150bbfd3c9976.zip
twitter埋め込みのsandbox属性にallow-popups-to-escape-sandboxを追加 (#12400)
Co-authored-by: unarist <m.unarist@gmail.com>
Diffstat (limited to 'packages/frontend')
-rw-r--r--packages/frontend/src/components/MkUrlPreview.vue2
-rw-r--r--packages/frontend/test/url-preview.test.ts4
2 files changed, 3 insertions, 3 deletions
diff --git a/packages/frontend/src/components/MkUrlPreview.vue b/packages/frontend/src/components/MkUrlPreview.vue
index e2844f8fa1..a460f3ea07 100644
--- a/packages/frontend/src/components/MkUrlPreview.vue
+++ b/packages/frontend/src/components/MkUrlPreview.vue
@@ -31,7 +31,7 @@ SPDX-License-Identifier: AGPL-3.0-only
<iframe
ref="tweet"
allow="fullscreen;web-share"
- sandbox="allow-popups allow-scripts allow-same-origin"
+ sandbox="allow-popups allow-popups-to-escape-sandbox allow-scripts allow-same-origin"
scrolling="no"
:style="{ position: 'relative', width: '100%', height: `${tweetHeight}px`, border: 0 }"
:src="`https://platform.twitter.com/embed/index.html?embedId=${embedId}&amp;hideCard=false&amp;hideThread=false&amp;lang=en&amp;theme=${defaultStore.state.darkMode ? 'dark' : 'light'}&amp;id=${tweetId}`"
diff --git a/packages/frontend/test/url-preview.test.ts b/packages/frontend/test/url-preview.test.ts
index 811f07d9c7..f760de9274 100644
--- a/packages/frontend/test/url-preview.test.ts
+++ b/packages/frontend/test/url-preview.test.ts
@@ -150,7 +150,7 @@ describe('MkUrlPreview', () => {
});
assert.exists(iframe, 'iframe should exist');
assert.strictEqual(iframe?.getAttribute('allow'), 'fullscreen;web-share');
- assert.strictEqual(iframe?.getAttribute('sandbox'), 'allow-popups allow-scripts allow-same-origin');
+ assert.strictEqual(iframe?.getAttribute('sandbox'), 'allow-popups allow-popups-to-escape-sandbox allow-scripts allow-same-origin');
});
test('Loading a post in iframe', async () => {
@@ -159,6 +159,6 @@ describe('MkUrlPreview', () => {
});
assert.exists(iframe, 'iframe should exist');
assert.strictEqual(iframe?.getAttribute('allow'), 'fullscreen;web-share');
- assert.strictEqual(iframe?.getAttribute('sandbox'), 'allow-popups allow-scripts allow-same-origin');
+ assert.strictEqual(iframe?.getAttribute('sandbox'), 'allow-popups allow-popups-to-escape-sandbox allow-scripts allow-same-origin');
});
});
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-03 20:19:26 +0000