Merge pull request #822 from chloerei/master

fix iframe xss

Author: chloerei

app/helpers/application_helper.rb

@@ -1,5 +1,5 @@
 module ApplicationHelper
-  ALLOW_TAGS = %w(p br img h1 h2 h3 h4 h5 h6 blockquote pre code b i iframe
+  ALLOW_TAGS = %w(p br img h1 h2 h3 h4 h5 h6 blockquote pre code b i
                   strong em table tr td tbody th strike del u a ul ol li span hr)
   ALLOW_ATTRIBUTES = %w(href src class width height id title alt target rel data-floor frameborder allowfullscreen)
   EMPTY_STRING = ''.freeze