Sandbox box sand
parent
b1c84f2b4c
commit
625ab5171d
|
@ -4,6 +4,7 @@
|
||||||
<title>{{ title }}</title>
|
<title>{{ title }}</title>
|
||||||
<meta charset="UTF-8">
|
<meta charset="UTF-8">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimal-ui">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimal-ui">
|
||||||
|
<meta http-equiv="Content-Security-Policy" content="script-src 'none'">
|
||||||
<meta name="darkreader" content="stfu">
|
<meta name="darkreader" content="stfu">
|
||||||
|
|
||||||
<meta name="description" content="Dont give shady companies your real email. Use 48hr.email to protect your privacy!">
|
<meta name="description" content="Dont give shady companies your real email. Use 48hr.email to protect your privacy!">
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
srcdoc='html' seems like a very, very unsafe method to me, unfortunately I havent found a better solution.
|
srcdoc='html' seems like a very, very unsafe method to me, unfortunately I havent found a better solution.
|
||||||
#}
|
#}
|
||||||
|
|
||||||
<iframe srcdoc='{{ mail.html|replace({'<html>': '<html style="color: white"'}) }}'></iframe>
|
<iframe sandbox="allow-popups allow-popups-to-escape-sandbox" csp="script-src 'none'" srcdoc='{{ mail.html|replace({'<html>': '<html style="color: white"'}) }}'></iframe>
|
||||||
</div>
|
</div>
|
||||||
{% elseif mail.textAsHtml %}
|
{% elseif mail.textAsHtml %}
|
||||||
<div class="mail_body">
|
<div class="mail_body">
|
||||||
|
|
Loading…
Reference in New Issue