datasektionen / Meta-TV

Hacky application for displaying news and stuff running on the monitors where we eat lunch.

Fix injections in web-client #95

Closed Herkarl closed 2 years ago

Herkarl commented 2 years ago

Fixes #24

Currently HTML input (and websites in general) is not sandboxed. This does present some security issues, but since everyone with the ability to add slides and use the injection basically has admin privileges, this is not really that big of a problem.

It does however limit what can be shown on the TVs, since "bad" input can make the web-client unusable.

Thanks to Lucas Dow and Markus Videfors for identifying the issue.

Herkarl commented 2 years ago

@niklasvatn sourcedoc allows using raw HTML as the source for an iframe instead of fetching it from a URL. sandbox does what it sounds like: it creates a sandbox that HTML/JavaScript/CSS/whatever can run in. It is not perfect iirc, but in this case, where security is not the main concern, it should be fine.
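An added example of the srcdoc plus sandbox approach this comment describes (not Meta-TV's own code; the function names and the `allow-scripts` token list are assumptions). It also covers the one detail the comment does not: srcdoc is an attribute, so slide HTML emitted into markup must be attribute-escaped or a stray `"` ends the attribute early.

```javascript
// Added example, not part of the Meta-TV repo: render untrusted slide HTML
// inside a sandboxed iframe via srcdoc. Token list and names are assumptions.

const DEFAULT_SANDBOX = ['allow-scripts'];

// srcdoc is an attribute value: '&' and '"' must be escaped, otherwise a
// double quote inside the slide HTML terminates the attribute and the rest of
// the content lands on the <iframe> tag itself (e.g. adding its own attributes).
// Browsers decode the entities, so the frame still receives the original HTML.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Returns iframe markup for server-side or template rendering. Refuses
// allow-scripts together with allow-same-origin: with both, srcdoc content
// shares the parent's origin and can remove its own sandbox attribute.
function sandboxedSlideMarkup(html, tokens = DEFAULT_SANDBOX) {
  if (tokens.includes('allow-scripts') && tokens.includes('allow-same-origin')) {
    throw new Error('allow-scripts + allow-same-origin defeats the sandbox');
  }
  return `<iframe sandbox="${tokens.join(' ')}" srcdoc="${escapeAttr(html)}"></iframe>`;
}

// Browser-only variant: build the element directly. Assigning the srcdoc
// property needs no escaping, and sandbox is set first so it applies to the
// initial load of the frame.
function createSandboxedSlide(html, tokens = DEFAULT_SANDBOX) {
  const frame = document.createElement('iframe');
  frame.setAttribute('sandbox', tokens.join(' '));
  frame.srcdoc = html;
  return frame;
}

// Constructed sample slide: unsandboxed, the script would wipe the client page;
// the quote in the title attribute would break an unescaped srcdoc attribute.
const SAMPLE_SLIDE =
  '<h1 title="today">Lunch</h1><script>document.body.innerHTML = ""</script>';
```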

Herkarl commented 2 years ago

deployed