Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

589-add-allow-modals-to-sandbox-options #596

Merged
merged 5 commits into from
Jun 26, 2019
Merged

589-add-allow-modals-to-sandbox-options #596

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
36181c1
589
JohannesDoberer Jun 19, 2019
561f729
Merge branch 'master' into 589-add-allow-modals-to-sandbox-options
maxmarkus Jun 24, 2019
d90f5de
Merge branch 'master' into 589-add-allow-modals-to-sandbox-options
JohannesDoberer Jun 24, 2019
ad7f902
Merge branch 'master' into 589-add-allow-modals-to-sandbox-options
JohannesDoberer Jun 26, 2019
9f1594e
removed allow-downloads
JohannesDoberer Jun 26, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions core/src/utilities/helpers/iframe-helpers.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,18 +131,18 @@ class IframeHelpersClass {
createIframe(viewUrl) {
const activeSandboxRules = [
'allow-forms', // Allows the resource to submit forms. If this keyword is not used, form submission is blocked.
// 'allow-modals', // Lets the resource open modal windows.
'allow-modals', // Lets the resource open modal windows.
// 'allow-orientation-lock', // Lets the resource lock the screen orientation.
// 'allow-pointer-lock', // Lets the resource use the Pointer Lock API.
'allow-popups', // Allows popups (such as window.open(), target="_blank", or showModalDialog()). If this keyword is not used, the popup will silently fail to open.
'allow-popups-to-escape-sandbox', // Lets the sandboxed document open new windows without those windows inheriting the sandboxing. For example, this can safely sandbox an advertisement without forcing the same restrictions upon the page the ad links to.
// 'allow-presentation', // Lets the resource start a presentation session.
'allow-same-origin', // If this token is not used, the resource is treated as being from a special origin that always fails the same-origin policy.
'allow-scripts', // Lets the resource run scripts (but not create popup windows).
'allow-scripts' // Lets the resource run scripts (but not create popup windows).
// 'allow-storage-access-by-user-activation', // Lets the resource request access to the parent's storage capabilities with the Storage Access API.
// 'allow-top-navigation', // Lets the resource navigate the top-level browsing context (the one named _top).
// 'allow-top-navigation-by-user-activation', // Lets the resource navigate the top-level browsing context, but only if initiated by a user gesture.
'allow-downloads-without-user-activation' // Allows for downloads to occur without a gesture from the user.
// 'allow-downloads-without-user-activation' // Allows for downloads to occur without a gesture from the user.
];

const iframe = document.createElement('iframe');
Expand Down