From 050b643948e24d1d93a83766a23a0d693616d01e Mon Sep 17 00:00:00 2001
From: Jermolene
Date: Wed, 28 Jan 2015 13:50:39 +0000
Subject: [PATCH] Sandbox HTML iframes

Otherwise Firefox allows code in html tiddlers to access the main window:
https://groups.google.com/d/topic/tiddlywiki/NwOI-QER2ig/discussion
---
 core/modules/parsers/htmlparser.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/modules/parsers/htmlparser.js b/core/modules/parsers/htmlparser.js
index 4a47c6520..b2528e961 100644
--- a/core/modules/parsers/htmlparser.js
+++ b/core/modules/parsers/htmlparser.js
@@ -23,7 +23,8 @@ var HtmlParser = function(type,text,options) {
 type: "element",
 tag: "iframe",
 attributes: {
- src: {type: "string", value: src}
+ src: {type: "string", value: src},
+ sandbox: {type: "string", value: "sandbox"}
 }
 }];
 };
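Review bot: The value `"sandbox"` given to the added `sandbox` attribute is not one of the attribute's allow-tokens, so the line reads like a boolean attribute while in fact relying on browsers ignoring the unknown token and applying the full restriction set (no script execution, opaque origin, no forms or popups). Writing `sandbox: {type: "string", value: ""}` states that intent directly, and a comment such as `// empty token list = all sandbox restrictions; do not add allow-scripts together with allow-same-origin` would guard against a later relaxation that lets same-origin framed content lift its own sandbox. The commit message only mentions blocking access to the main window, so it is worth confirming that disabling scripts in HTML tiddlers altogether is the intended outcome. The body of `HtmlParser` starts outside this hunk, so how `src` is built cannot be checked from here.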