Merge pull request #1865 from hackmdio/bugfix/exlucde-name-attribute-from-iframe-render-allowlist

fix: exclude name attribute from iframe filterXSS allowlist

Author: Yukaii

public/js/render.js

@@ -20,7 +20,7 @@ whiteList.style = []
 // allow kbd tag
 whiteList.kbd = []
 // allow ifram tag with some safe attributes
-whiteList.iframe = ['allowfullscreen', 'name', 'referrerpolicy', 'src', 'width', 'height']
+whiteList.iframe = ['allowfullscreen', 'referrerpolicy', 'src', 'width', 'height']
 // allow summary tag
 whiteList.summary = []
 // allow ruby tag