fix: only allow http link in iframe render

moonrailgun · moonrailgun · commit 9a327dca14b5 · 2024-11-23T22:29:50.000+08:00
diff --git a/client/web/src/components/Markdown/render.tsx b/client/web/src/components/Markdown/render.tsx
@@ -47,8 +47,12 @@ export const Markdown: React.FC<{
       iframe: (props) => {
         let src = props.src;
 
-        if (src?.includes('javascript')) {
-          return <div>not support run javascript</div>;
+        if (!src) {
+          return <div />;
+        }
+
+        if (!src.startsWith('http')) {
+          return <div>only support http source</div>;
         }
 
         if (src && src.includes('?')) {
