jmb/48hr.email
1
0
Fork 0
mirror of https://github.com/Crazyco-xyz/48hr.email.git synced 2025-11-03 23:16:31 +01:00
Code Issues Projects Releases Packages Wiki Activity

Sandbox box sand

Browse source
This commit is contained in:
ClaraCrazy 2023-11-02 12:05:01 +01:00
parent b1c84f2b4c
commit 625ab5171d
2 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
infrastructure/web/views/layout.twig
View file

@ -4,6 +4,7 @@
<title>{{ title }}</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimal-ui">
<meta http-equiv="Content-Security-Policy" content="script-src 'none'">
<meta name="darkreader" content="stfu">
<meta name="description" content="Dont give shady companies your real email. Use 48hr.email to protect your privacy!">

2
infrastructure/web/views/mail.twig
View file

@ -26,7 +26,7 @@
srcdoc='html' seems like a very, very unsafe method to me, unfortunately I havent found a better solution.
#}
<iframe srcdoc='{{ mail.html|replace({'<html>': '<html style="color: white"'}) }}'></iframe>
<iframe sandbox="allow-popups allow-popups-to-escape-sandbox" csp="script-src 'none'" srcdoc='{{ mail.html|replace({'<html>': '<html style="color: white"'}) }}'></iframe>
</div>
{% elseif mail.textAsHtml %}
<div class="mail_body">