fix: preserve allowed iframe query parameters (#5295)

Co-authored-by: Prospector <6166773+Prospector@users.noreply.github.com>
2026-02-09 16:17:37 +01:00
parent 0facf26b04
commit e80d7730ca
1 changed files with 1 additions and 1 deletions
--- a/packages/utils/parse.ts
+++ b/packages/utils/parse.ts
@@ -53,7 +53,7 @@ export const configuredXss = new FilterXSS({
 					continue
 				}
-				const newSearchParams = new URLSearchParams()
+				const newSearchParams = new URLSearchParams(url.searchParams)
 				url.searchParams.forEach((value, key) => {
 					if (!source.allowedParameters.some((param) => param.test(`${key}=${value}`))) {
 						newSearchParams.delete(key)