Made MD editor display a sandboxed iframe

- Also added escaping of srcdoc elements in escape logic. Related to #1531
2025-07-30 04:23:11 +03:00 · 2019-08-26 12:16:50 +01:00
parent 2dfe6c2d56
commit 7cc17934a8
6 changed files with 39 additions and 15 deletions
--- a/resources/views/pages/markdown-editor.blade.php
+++ b/resources/views/pages/markdown-editor.blade.php
@ -28,8 +28,7 @@
        <div class="editor-toolbar">
            <div class="editor-toolbar-label">{{ trans('entities.pages_md_preview') }}</div>
        </div>
-        <div class="markdown-display page-content">
-        </div>
+        <iframe class="markdown-display" sandbox="allow-same-origin"></iframe>
    </div>
    <input type="hidden" name="html"/>