From f82d46337b3c0755dbe089345ca88e08426aee20 Mon Sep 17 00:00:00 2001
From: Vlad Piersec
Date: Thu, 24 Jun 2021 09:20:37 +0300
Subject: [PATCH] (fix): Do not allow external css customization for static prejoin

This prevents CSS spoofing.
---
 static/prejoin.html | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/static/prejoin.html b/static/prejoin.html
index 65e81f1bc..8ce110a52 100644
--- a/static/prejoin.html
+++ b/static/prejoin.html
@@ -16,10 +16,6 @@
 const showAvatar = params.get('showAvatar') === 'true';
 const showJoinActions = params.get('showJoinActions') === 'true';
 const showSkipPrejoin = params.get('showSkipPrejoin') === 'true';
- const css = params.get('style');
- const style = document.createElement('style');
- style.appendChild(document.createTextNode(css));
- document.head.appendChild(style);
 JitsiMeetJS.app.renderEntryPoint({
 Component: JitsiMeetJS.app.entryPoints.PREJOIN,