Don't let browsers render untrusted HTML or SVG outside of the iframe. Do let them fetch JS and such.

git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@4297 ed5197a5-7fde-0310-b194-c3ffbd925b24
2023-05-14 19:31:45 +00:00
parent cc92d0e316
commit c807e21c6b
2 changed files with 55 additions and 44 deletions
--- a/core/index.html
+++ b/core/index.html
@ -38,6 +38,7 @@
 				<iframe id="document" sandbox="allow-forms allow-scripts allow-top-navigation allow-modals allow-downloads" style="width: 100%; height: 100%; border: 0"></iframe>
 			</div>
 		</div>
+		<script>window.litDisableBundleWarning = true;</script>
 		<script src="/split/split.min.js"></script>
 		<script src="/smoothie/smoothie.js"></script>
 		<script src="/static/client.js" type="module"></script>