From 6d9ff44d2c1bc848bc662fa8c3189d0a0f3000ba Mon Sep 17 00:00:00 2001
From: gtsp233
Date: Mon, 11 Dec 2023 20:14:59 -0500
Subject: [PATCH] disable javascript protocal as iframe url
---
 packages/fronts/src/useIframe.ts | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/packages/fronts/src/useIframe.ts b/packages/fronts/src/useIframe.ts
index 69d95a0..bffc62e 100644
--- a/packages/fronts/src/useIframe.ts
+++ b/packages/fronts/src/useIframe.ts
@@ -34,6 +34,10 @@ export const getIframeUrl = async (siteName: string) => {
 };
 
 export const useIframe: UseIframe = async ({ target, name, url, attrs }) => {
+ const isJavaScriptProtocol = /^[\u0000-\u001F ]*j[\r\n\t]*a[\r\n\t]*v[\r\n\t]*a[\r\n\t]*s[\r\n\t]*c[\r\n\t]*r[\r\n\t]*i[\r\n\t]*p[\r\n\t]*t[\r\n\t]*\:/i;
+ if(url && isJavaScriptProtocol.test(url)) {
+ return
+ }
 const iframe = document.createElement('iframe');
 iframe.src = url ?? (await getIframeUrl(name));
 const uid = getUid(name);
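Review bot: The guard added at the top of `useIframe` is a denylist for a single scheme, so any other non-web scheme such as `data:` still reaches `iframe.src`; an allowlist on the parsed URL is easier to audit than the hand-written regex. If only web origins are expected, `const { protocol } = new URL(url, document.baseURI);` followed by `if (protocol !== 'http:' && protocol !== 'https:') return;` lets the URL parser do the whitespace and control-character normalisation (wrap it in try/catch, since `new URL` throws on unparsable input). The check also runs only when `url` is passed, so the value from `getIframeUrl(name)` is assigned unchecked; validating the final `src` value would cover both paths, if that lookup can be influenced by site configuration. The bare `return` rejects silently and resolves to `undefined`; the rest of `useIframe` lies outside the hunk, so confirm callers tolerate that and consider logging or throwing so a blocked URL is visible.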