Set correct mime type in jailed. Set correct types on script imports in bonfire/show. Open helmet up to potentially unsafe levels by allowing "* unsafe-inline" in scriptSrc.

2015-05-06 14:06:10 -04:00
parent 68420149b0
commit 72339f9183
4 changed files with 28 additions and 18 deletions
--- a/public/js/lib/jailed/_frame.html
+++ b/public/js/lib/jailed/_frame.html
@@ -1 +1 @@
-<script src="_frame.js"></script>
+<script sandbox="allow-same-origin allow-scripts" src="_frame.js"></script>