From 1407e1641eb403bbf3c8e2e4817e48ad58bb7b66 Mon Sep 17 00:00:00 2001
From: Yukai Huang <yukaihuangtw@gmail.com>
Date: Tue, 30 Apr 2024 18:18:36 +0800
Subject: [PATCH] fix: exclude name attribute from iframe filterXSS allowlist

Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
---
 public/js/render.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/js/render.js b/public/js/render.js
index 4a9c3b25f7..db73a0ce31 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -20,7 +20,7 @@ whiteList.style = []
 // allow kbd tag
 whiteList.kbd = []
 // allow ifram tag with some safe attributes
-whiteList.iframe = ['allowfullscreen', 'name', 'referrerpolicy', 'src', 'width', 'height']
+whiteList.iframe = ['allowfullscreen', 'referrerpolicy', 'src', 'width', 'height']
 // allow summary tag
 whiteList.summary = []
 // allow ruby tag