3063 - address cross site scripting (#368)

* remove the whole add custom css block This was used in Bridge, isn't used more and was causing a cross-scripting warning: https://github.com/meedan/pender/security/code-scanning/15
meedan · Jul 21, 2023 · 4b58f98 · 4b58f98
1 parent 861cd98
commit 4b58f98
Showing 1 changed file with 0 additions and 9 deletions.
diff --git a/public/javascripts/embed.js b/public/javascripts/embed.js
@@ -6,15 +6,6 @@ var Pender = {};
 (function($) {
   'use strict';
 
-  // Add custom CSS
-  var css = document.location.hash.replace('#css=', '');
-  if (css !== '') {
-    $('head').append('<link rel="stylesheet" href="' + css + '" type="text/css" class="pender-custom-css" />');
-    $('meta[name="twitter:image"]').attr('content', function(index, attr) {
-      return attr + '?css=' + css;
-    });
-  }
-
   // Alert parent window when the height changes
   var htmlHeight = 0;
   if (!Pender.id) {