From f131c378934a86b741ab5b808437c95694dc5503 Mon Sep 17 00:00:00 2001
From: Jermolene
Date: Wed, 11 Jun 2014 23:04:58 +0100
Subject: [PATCH] Update HTML parser to use an IFRAME
Gives us better sandboxing of unsafe HTML content
---
 core/modules/parsers/htmlparser.js | 13 +++++++++++--
 themes/tiddlywiki/vanilla/base.tid | 9 +++++++--
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/core/modules/parsers/htmlparser.js b/core/modules/parsers/htmlparser.js
index 7045c7f44..a42a22753 100644
--- a/core/modules/parsers/htmlparser.js
+++ b/core/modules/parsers/htmlparser.js
@@ -13,9 +13,18 @@ The HTML parser displays text as raw HTML
 "use strict";
 var HtmlParser = function(type,text,options) {
+ var src;
+ if(options._canonical_uri) {
+ src = options._canonical_uri;
+ } else if(text) {
+ src = "data:text/html," + encodeURIComponent(text);
+ }
 this.tree = [{
- type: "raw",
- html: text
+ type: "element",
+ tag: "iframe",
+ attributes: {
+ src: {type: "string", value: src}
+ }
 }];
 };
diff --git a/themes/tiddlywiki/vanilla/base.tid b/themes/tiddlywiki/vanilla/base.tid
index 632081fa9..da0b4af79 100644
--- a/themes/tiddlywiki/vanilla/base.tid
+++ b/themes/tiddlywiki/vanilla/base.tid
@@ -117,11 +117,16 @@ table tfoot tr td {
 white-space: nowrap;
 }
-.tw-tiddler-frame img, .tw-tiddler-frame svg, .tw-tiddler-frame canvas, .tw-tiddler-frame embed {
+.tw-tiddler-frame img,
+.tw-tiddler-frame svg,
+.tw-tiddler-frame canvas,
+.tw-tiddler-frame embed,
+.tw-tiddler-frame iframe {
 max-width: 100%;
 }
-.tw-tiddler-frame embed {
+.tw-tiddler-frame embed,
+.tw-tiddler-frame iframe {
 width: 100%;
 height: 600px;
 }
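Review bot: The `iframe` element built in `this.tree` in `HtmlParser` carries only a `src` attribute and no `sandbox`, so the isolation the commit message describes depends entirely on which origin the browser gives the framed document. Script in the tiddler's HTML still runs inside the frame, and a `_canonical_uri` that resolves to the wiki's own origin, or a browser that lets `data:` documents inherit the embedder's origin, would leave the frame same-origin with the parent page. Adding `sandbox: {type: "string", value: ""}` beside `src` in `attributes` would force a unique origin and disable script, with individual tokens added back only where a use case needs them. Separately, when neither `options._canonical_uri` nor `text` is set, `src` stays `undefined` and is still passed as the attribute value, which probably deserves an explicit fallback.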