Closed brianhogg closed 2 months ago
I think this is fine.
Technically, the style tag can be used to push the iframe out to cover the whole screen, which could allow that iframe to mimic the site in a dangerous way. But the danger here is in adding the iframe in the first place and setting the src attribute to something untrusted that would abuse that.
We want course builders to be able to embed and even style iframes within their courses.
Description
Allow style attributes to be included in iframe tags. From what I can see this should be fine, but would like a second take on any security implications of this that I might have missed.
Fixes #2610
How has this been tested?
Manually
Checklist:
npm run dev changelog add -- -i
and follow the prompt. See also: https://github.com/gocodebox/lifterlms/blob/trunk/packages/dev/README.md#changelog-add -->