hedgedoc/lib
Sheogorath 450262c4ab
Allow embedding of video and audio tags
Adding mediaSrc to CSP so video and audio files can be embedded without
problems.

From a security perspective it should be fine to load audio and video
data without introducing a high security issue. Only from a privacy
perspective it allows another way to track users if there are data
embedded. But it doesn't introduce any new attack vector as pictures are
also allowed from everywhere.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-03-25 20:51:56 +02:00
..
config Change config to camel case with backwards compatibility 2018-03-25 19:08:14 +02:00
migrations Add missing migration for permissions 2018-03-06 16:31:41 +01:00
models Change config to camel case with backwards compatibility 2018-03-25 19:08:14 +02:00
ot Change config to camel case with backwards compatibility 2018-03-25 19:08:14 +02:00
web Change config to camel case with backwards compatibility 2018-03-25 19:08:14 +02:00
workers refactor: Remove require extension filename 2017-05-08 19:29:06 +08:00
csp.js Allow embedding of video and audio tags 2018-03-25 20:51:56 +02:00
history.js Improve history migration performance 2018-03-10 16:51:00 +08:00
letter-avatars.js Use strict mode in all backend files 2017-03-14 13:02:43 +08:00
logger.js refactor(logger): Refactor logger.js 2017-05-08 19:24:37 +08:00
realtime.js Change config to camel case with backwards compatibility 2018-03-25 19:08:14 +02:00
response.js Change config to camel case with backwards compatibility 2018-03-25 19:08:14 +02:00
utils.js switch to __dirname 2017-06-02 11:34:35 +01:00