From 918f5abe816024d048071a4d0870c239f8c94e8d Mon Sep 17 00:00:00 2001 From: David Baker Date: Wed, 12 Jul 2017 10:34:50 +0100 Subject: [PATCH] Lint correctly --- src/components/views/elements/AppTile.js | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/components/views/elements/AppTile.js b/src/components/views/elements/AppTile.js index 79cf5969b3..66d6b1ff3a 100644 --- a/src/components/views/elements/AppTile.js +++ b/src/components/views/elements/AppTile.js @@ -119,15 +119,17 @@ export default React.createClass({
Loading...
); } else { + // Note that there is advice saying allow-scripts shouldn;t be used with allow-same-origin + // because that would allow the iframe to prgramatically remove the sandbox attribute, but + // this would only be for content hosted on the same origin as the riot client: anything + // hosted on the same origin as the client will get the same access access as if you clicked + // a link to it. + const sandboxFlags = "allow-forms allow-popups allow-popups-to-escape-sandbox "+ + "allow-same-origin allow-scripts"; appTileBody = (
- // Note that there is advice saying allow-scripts shouldn;t be used with allow-same-origin - // because that would allow the iframe to prgramatically remove the sandbox attribute, but - // this would only be for content hosted on the same origin as the riot client: anything - // hosted on the same origin as the client will get the same access access as if you clicked - // a link to it.
);