SECURITY: Don't whitelist codepen as it is a potential vector for abuse

Gemfile.lock

@@ -222,7 +222,7 @@ GEM
     omniauth-twitter (1.0.1)
       multi_json (~> 1.3)
       omniauth-oauth (~> 1.0)
-    onebox (1.5.5)
+    onebox (1.5.7)
       moneta (~> 0.7)
       multi_json (~> 1.7)
       mustache (~> 0.99)