(JS-D010) Missing sandbox in iframe #111

Closed
bigint opened this issue Jul 24, 2022 · 1 comment
bigint commented Jul 24, 2022

Description

The sandbox attribute enables an extra set of restrictions for the content in the iframe. When the sandbox attribute is present, it will:

Occurrences

There is 1 occurrence of this issue in the repository.

See all occurrences on DeepSource → deepsource.io/gh/lensterxyz/lenster/issue/JS-D010/occurrences/
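
The kind of check this issue reports, as an added example (not DeepSource's or Lenster's own code): a small scanner that flags `<iframe>` tags with no `sandbox` attribute, and also flags a static `sandbox` value combining `allow-scripts` with `allow-same-origin`, which lets same-origin framed content remove the sandbox. The function names, rule names and sample markup are assumptions made for illustration.

```javascript
// Added example: static check for <iframe> tags without `sandbox`.
// Regex-based for brevity; attribute values containing ">" (for example an
// inline arrow function in JSX) need a real parser.
const IFRAME_TAG = /<iframe\b([^>]*)>/gi;
const ATTR =
  /([A-Za-z_:][\w:.-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|\{([^}]*)\}|([^\s"'>]+)))?/g;

// Parse name/value pairs; quoted values are consumed whole, so the word
// "sandbox" inside a URL is never mistaken for the attribute.
function parseAttrs(tagBody) {
  const attrs = new Map();
  for (const m of tagBody.matchAll(ATTR)) {
    attrs.set(m[1].toLowerCase(), {
      value: m[2] ?? m[3] ?? m[5] ?? "", // bare attribute => empty token list
      dynamic: m[4] !== undefined,       // JSX expression, not statically known
    });
  }
  return attrs;
}

// Returns one finding per problematic tag (rule names are hypothetical).
function auditIframes(source) {
  const findings = [];
  for (const tag of source.matchAll(IFRAME_TAG)) {
    const line = source.slice(0, tag.index).split("\n").length;
    const sandbox = parseAttrs(tag[1]).get("sandbox");
    if (!sandbox) {
      findings.push({ line, rule: "missing-sandbox" });
    } else if (sandbox.dynamic) {
      findings.push({ line, rule: "sandbox-not-static" });
    } else {
      const tokens = sandbox.value.toLowerCase().split(/\s+/).filter(Boolean);
      // Both tokens together let same-origin content lift its own sandbox.
      if (tokens.includes("allow-scripts") && tokens.includes("allow-same-origin")) {
        findings.push({ line, rule: "sandbox-escapable" });
      }
    }
  }
  return findings;
}

// Constructed sample input (JSX-style markup, not taken from the repository).
const SAMPLE = `
<iframe src="https://sandbox.example/embed" title="Embed" />
<iframe src={url} title="Player" sandbox="allow-scripts allow-same-origin" />
<iframe src={url} title="Widget" sandbox="allow-scripts" />
<iframe src={url} title="Static" sandbox />
<iframe src={url} title="Dynamic" sandbox={flags} />
`;

console.log(auditIframes(SAMPLE));
```

A bare `sandbox` or `sandbox=""` passes the check because an empty token list applies every restriction.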

@bigint bigint self-assigned this Jul 24, 2022
@bigint bigint added this to the 1.0.0-beta milestone Jul 24, 2022
@bigint bigint closed this as completed in 3265867 Jul 24, 2022
bigint added a commit that referenced this issue Jul 25, 2022
* 🔁 Sync testnet with main (#106) (#107)

* feat: add sybil badge (#89)

* feat: add badges comp (#90)

* chore: add sybil badge

* feat: add tooltip to badges (#91)

* feat: collect publication without profile 🚀  (#92)

* feat: add isConnected store

* chore: use setIsConnected

* chore: add proper disconnect

* chore: add valid check

* chore: add create profile component

* feat: add unauthed user menu items

* chore: update error message

* chore: cleanup

* fix: remove unused isAuthenticated

* fix: nonce issue for non profile users

* fix: allowance fetch

* fix: remove current user deps in collect module

* feat: add non auth follow (#93)

* feat: add non auth crowdfund support (#94)

* chore: update sponsor link

* ⬆️ deps(dev): Bump eslint-config-next from 12.2.2 to 12.2.3 (#100)

Bumps [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) from 12.2.2 to 12.2.3.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v12.2.3/packages/eslint-config-next)

---
updated-dependencies:
- dependency-name: eslint-config-next
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: bigint <69431456+bigint@users.noreply.github.com>

* ⬆️ deps: Bump next from 12.2.2 to 12.2.3 (#97)

Bumps [next](https://github.com/vercel/next.js) from 12.2.2 to 12.2.3.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v12.2.2...v12.2.3)

---
updated-dependencies:
- dependency-name: next
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: bigint <69431456+bigint@users.noreply.github.com>

* ⬆️ deps: Bump plyr-react from 5.0.2 to 5.1.0 (#99)

Bumps [plyr-react](https://github.com/chintan9/plyr-react) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/chintan9/plyr-react/releases)
- [Changelog](https://github.com/chintan9/plyr-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/chintan9/plyr-react/commits)

---
updated-dependencies:
- dependency-name: plyr-react
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* ⬆️ deps: Bump zod from 3.17.9 to 3.17.10 (#98)

Bumps [zod](https://github.com/colinhacks/zod) from 3.17.9 to 3.17.10.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](colinhacks/zod@v3.17.9...v3.17.10)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: add entire pub clickable

* fix: use clickable props

* chore: cleanup full post comp

* chore: cleanup post type

* Revert "feat: add entire pub clickable" (#104)

* chore: use article tag

* fix: add stopPropagation for post actions

* revert: make pub clickable

* chore: refactor show more

* chore: add user check

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Remove unnecessary boolean casts (#108)

Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>

* Fix explicit type declarations (#109)

Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>

* fix: add passhref and closes #120

* fix: remove unused onClick

* Remove the undefined type from optional property (#110)

Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>

* fix: remove unused clickable

* fix: remove unused param

* chore: update yarn.lock

* fix: typo in walletselector comp

Co-Authored-By: Barabazs <31799121+Barabazs@users.noreply.github.com>

* feat: add profile warning below navbar (#130)

* fix: use pascal case for seo tag (#131)

* chore: fix #129

* fix: #129

* fix: use const instead of let (#132)

* fix: use const and closes #124

* fix: remove unused variable and closes #123

* fix: add type to button and closes #127

* fix: add title to iframe and closes #119

* fix: add sandbox and closes #111

* fix: sandbox in iframe

* fix: escape special chars and closes #118

Co-authored-by: bigint <69431456+bigint@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
Co-authored-by: Barabazs <31799121+Barabazs@users.noreply.github.com>
bigint added a commit that referenced this issue Jul 25, 2022
* 🔁 Sync testnet with main (#106) (#107)

* feat: add sybil badge (#89)

* feat: add badges comp (#90)

* chore: add sybil badge

* feat: add tooltip to badges (#91)

* feat: collect publication without profile 🚀  (#92)

* feat: add isConnected store

* chore: use setIsConnected

* chore: add proper disconnect

* chore: add valid check

* chore: add create profile component

* feat: add unauthed user menu items

* chore: update error message

* chore: cleanup

* fix: remove unused isAuthenticated

* fix: nonce issue for non profile users

* fix: allowance fetch

* fix: remove current user deps in collect module

* feat: add non auth follow (#93)

* feat: add non auth crowdfund support (#94)

* chore: update sponsor link

* ⬆️ deps(dev): Bump eslint-config-next from 12.2.2 to 12.2.3 (#100)

Bumps [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) from 12.2.2 to 12.2.3.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v12.2.3/packages/eslint-config-next)

---
updated-dependencies:
- dependency-name: eslint-config-next
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: bigint <69431456+bigint@users.noreply.github.com>

* ⬆️ deps: Bump next from 12.2.2 to 12.2.3 (#97)

Bumps [next](https://github.com/vercel/next.js) from 12.2.2 to 12.2.3.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v12.2.2...v12.2.3)

---
updated-dependencies:
- dependency-name: next
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: bigint <69431456+bigint@users.noreply.github.com>

* ⬆️ deps: Bump plyr-react from 5.0.2 to 5.1.0 (#99)

Bumps [plyr-react](https://github.com/chintan9/plyr-react) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/chintan9/plyr-react/releases)
- [Changelog](https://github.com/chintan9/plyr-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/chintan9/plyr-react/commits)

---
updated-dependencies:
- dependency-name: plyr-react
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* ⬆️ deps: Bump zod from 3.17.9 to 3.17.10 (#98)

Bumps [zod](https://github.com/colinhacks/zod) from 3.17.9 to 3.17.10.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](colinhacks/zod@v3.17.9...v3.17.10)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: add entire pub clickable

* fix: use clickable props

* chore: cleanup full post comp

* chore: cleanup post type

* Revert "feat: add entire pub clickable" (#104)

* chore: use article tag

* fix: add stopPropagation for post actions

* revert: make pub clickable

* chore: refactor show more

* chore: add user check

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Remove unnecessary boolean casts (#108)

Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>

* Fix explicit type declarations (#109)

Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>

* fix: add passhref and closes #120

* fix: remove unused onClick

* Remove the undefined type from optional property (#110)

Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>

* fix: remove unused clickable

* fix: remove unused param

* chore: update yarn.lock

* fix: typo in walletselector comp

Co-Authored-By: Barabazs <31799121+Barabazs@users.noreply.github.com>

* feat: add profile warning below navbar (#130)

* fix: use pascal case for seo tag (#131)

* chore: fix #129

* fix: #129

* fix: use const instead of let (#132)

* fix: use const and closes #124

* fix: remove unused variable and closes #123

* fix: add type to button and closes #127

* fix: add title to iframe and closes #119

* fix: add sandbox and closes #111

* fix: sandbox in iframe

* fix: escape special chars and closes #118

Co-authored-by: bigint <69431456+bigint@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
Co-authored-by: Barabazs <31799121+Barabazs@users.noreply.github.com>

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
Co-authored-by: Barabazs <31799121+Barabazs@users.noreply.github.com>
bigint added a commit that referenced this issue Jul 26, 2022
* 🔁 Sync testnet with main (#133) (#134)

* 🔁 Sync testnet with main (#106) (#107)

* feat: add sybil badge (#89)

* feat: add badges comp (#90)

* chore: add sybil badge

* feat: add tooltip to badges (#91)

* feat: collect publication without profile 🚀  (#92)

* feat: add isConnected store

* chore: use setIsConnected

* chore: add proper disconnect

* chore: add valid check

* chore: add create profile component

* feat: add unauthed user menu items

* chore: update error message

* chore: cleanup

* fix: remove unused isAuthenticated

* fix: nonce issue for non profile users

* fix: allowance fetch

* fix: remove current user deps in collect module

* feat: add non auth follow (#93)

* feat: add non auth crowdfund support (#94)

* chore: update sponsor link

* ⬆️ deps(dev): Bump eslint-config-next from 12.2.2 to 12.2.3 (#100)

Bumps [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) from 12.2.2 to 12.2.3.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/commits/v12.2.3/packages/eslint-config-next)

---
updated-dependencies:
- dependency-name: eslint-config-next
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: bigint <69431456+bigint@users.noreply.github.com>

* ⬆️ deps: Bump next from 12.2.2 to 12.2.3 (#97)

Bumps [next](https://github.com/vercel/next.js) from 12.2.2 to 12.2.3.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v12.2.2...v12.2.3)

---
updated-dependencies:
- dependency-name: next
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: bigint <69431456+bigint@users.noreply.github.com>

* ⬆️ deps: Bump plyr-react from 5.0.2 to 5.1.0 (#99)

Bumps [plyr-react](https://github.com/chintan9/plyr-react) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/chintan9/plyr-react/releases)
- [Changelog](https://github.com/chintan9/plyr-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/chintan9/plyr-react/commits)

---
updated-dependencies:
- dependency-name: plyr-react
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* ⬆️ deps: Bump zod from 3.17.9 to 3.17.10 (#98)

Bumps [zod](https://github.com/colinhacks/zod) from 3.17.9 to 3.17.10.
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/master/CHANGELOG.md)
- [Commits](colinhacks/zod@v3.17.9...v3.17.10)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: add entire pub clickable

* fix: use clickable props

* chore: cleanup full post comp

* chore: cleanup post type

* Revert "feat: add entire pub clickable" (#104)

* chore: use article tag

* fix: add stopPropagation for post actions

* revert: make pub clickable

* chore: refactor show more

* chore: add user check

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Remove unnecessary boolean casts (#108)

Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>

* Fix explicit type declarations (#109)

Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>

* fix: add passhref and closes #120

* fix: remove unused onClick

* Remove the undefined type from optional property (#110)

Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>

* fix: remove unused clickable

* fix: remove unused param

* chore: update yarn.lock

* fix: typo in walletselector comp

Co-Authored-By: Barabazs <31799121+Barabazs@users.noreply.github.com>

* feat: add profile warning below navbar (#130)

* fix: use pascal case for seo tag (#131)

* chore: fix #129

* fix: #129

* fix: use const instead of let (#132)

* fix: use const and closes #124

* fix: remove unused variable and closes #123

* fix: add type to button and closes #127

* fix: add title to iframe and closes #119

* fix: add sandbox and closes #111

* fix: sandbox in iframe

* fix: escape special chars and closes #118

Co-authored-by: bigint <69431456+bigint@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
Co-authored-by: Barabazs <31799121+Barabazs@users.noreply.github.com>

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
Co-authored-by: Barabazs <31799121+Barabazs@users.noreply.github.com>

* chore: update yarn.lock

* feat: add relevant people to pub sidebar (#135)

* fix: remove skip condition

* fix: typo

* Update verified.ts

verified more lens core team members + creative partners

* ⬆️ deps(dev): Bump @typescript-eslint/eslint-plugin (#136)

Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 5.30.7 to 5.31.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.31.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: bigint <69431456+bigint@users.noreply.github.com>

Co-authored-by: bigint <69431456+bigint@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
Co-authored-by: Barabazs <31799121+Barabazs@users.noreply.github.com>
Co-authored-by: David Silverman <oneski@users.noreply.github.com>

github-actions bot commented Jan 7, 2024

This issue has been locked since it has been closed for more than 10 days.

If you found a concrete bug or regression related to it, please open a new bug report.

@github-actions github-actions bot locked and limited conversation to collaborators Jan 7, 2024