Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
WIP implementation of
RequireSandboxOnIFrame
.Open questions:
RequireSandboxOnIFrame
internally callp.AllowAttrs("sandbox").OnElements("iframe")
, or should we leave that to the user?<iframe>
does NOT have asandbox
attribute, the entire tag is omitted entirely. However, what we actually want to do is keep the tag and enforce a blanksandbox=""
attribute. (Might be related to add iframe to default elements without attributes #68?)sandbox
attribute (ex:allow-downloads allow-downloads
->allow-downloads allow-downloads
). Is that something we should do?Closes #135