jmb
/
48hr.email
mirror of https://github.com/Crazyco-xyz/48hr.email.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Sandbox box sand

pull/1/head
ClaraCrazy 2023-11-02 12:05:01 +01:00
parent b1c84f2b4c
commit 625ab5171d
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
infrastructure/web/views/layout.twig
View File

@ -4,6 +4,7 @@
<title>{{ title }}</title> <title>{{ title }}</title>
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimal-ui"> <meta name="viewport" content="width=device-width, initial-scale=1.0, minimal-ui">
<meta http-equiv="Content-Security-Policy" content="script-src 'none'">
<meta name="darkreader" content="stfu"> <meta name="darkreader" content="stfu">
<meta name="description" content="Dont give shady companies your real email. Use 48hr.email to protect your privacy!"> <meta name="description" content="Dont give shady companies your real email. Use 48hr.email to protect your privacy!">

2
infrastructure/web/views/mail.twig
View File

@ -26,7 +26,7 @@
srcdoc='html' seems like a very, very unsafe method to me, unfortunately I havent found a better solution. srcdoc='html' seems like a very, very unsafe method to me, unfortunately I havent found a better solution.
#} #}
<iframe srcdoc='{{ mail.html|replace({'<html>': '<html style="color: white"'}) }}'></iframe> <iframe sandbox="allow-popups allow-popups-to-escape-sandbox" csp="script-src 'none'" srcdoc='{{ mail.html|replace({'<html>': '<html style="color: white"'}) }}'></iframe>
</div> </div>
{% elseif mail.textAsHtml %} {% elseif mail.textAsHtml %}
<div class="mail_body"> <div class="mail_body">