From 36d27e289177fdec5332539c94b8192022a412f2 Mon Sep 17 00:00:00 2001
From: Thibaut Girka
Date: Mon, 17 Dec 2018 21:42:18 +0100
Subject: [PATCH] Sandbox toot embeds in the embed modal

It should not be necessary thanks to our Content Security Policy, but best be sure in case a server's CSP is incorrect. Also, avoids a CSP warning about loading remote scripts.
---
 .../flavours/glitch/features/ui/components/embed_modal.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/javascript/flavours/glitch/features/ui/components/embed_modal.js b/app/javascript/flavours/glitch/features/ui/components/embed_modal.js
index f3553f4a9..bf29b0da5 100644
--- a/app/javascript/flavours/glitch/features/ui/components/embed_modal.js
+++ b/app/javascript/flavours/glitch/features/ui/components/embed_modal.js
@@ -74,6 +74,7 @@ export default class EmbedModal extends ImmutablePureComponent {
  className='embed-modal__iframe'
  frameBorder='0'
  ref={this.setIframeRef}
+ sandbox='allow-same-origin'
  title='preview'
  />
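Review bot: The added `sandbox='allow-same-origin'` attribute carries no comment recording why this one token is granted and why `allow-scripts` is withheld, so a later edit could add `allow-scripts` without noticing the consequence. For content that shares the embedding page's origin, `allow-scripts` combined with `allow-same-origin` lets the framed document reach its own frame element and drop the sandbox, which would undo this hardening. A short comment at the attribute would pin the intent, for example `// sandbox: keep scripts disabled; never combine allow-scripts with allow-same-origin here`. Presumably `allow-same-origin` is needed because the component touches the frame's document through `setIframeRef`, but that code and the opening of the `<iframe>` element are outside the hunk, so confirm before stating the reason in the comment.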