feat: remove sandbox attribute from iframe #1422

Merged
merged 1 commit into from
Feb 2, 2022
eWert-Online
Contributor

Closes #1414

Summary of changes:
This removes the sandbox attribute from the iframe.
As @mfranzke pointed out: Based on the following statement, the attribute is kind of pseudo security

> When the embedded document has the same origin as the embedding page, it is strongly discouraged to use both allow-scripts and allow-same-origin, as that lets the embedded document remove the sandbox attribute — making it no more secure than not using the sandbox attribute at all.

@JosefBredereck JosefBredereck merged commit 4335660 into pattern-lab:dev Feb 2, 2022
antonia-rose pushed a commit to quelltexterin/nemo-uikit-workshop that referenced this pull request Apr 12, 2023
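
The condition in the statement quoted in the description, written as a check. This is an added example, not code from this pull request or from Pattern Lab; `auditSandbox` and `auditDocument` are hypothetical names and the URLs are constructed sample values.

```javascript
// Added example; function names are illustrative, not Pattern Lab APIs.
// Classifies the isolation an <iframe sandbox="..."> actually provides.
function auditSandbox(sandboxAttr, frameSrc, pageUrl) {
  // null/undefined means the attribute is absent: no sandboxing at all.
  if (sandboxAttr == null) {
    return { level: 'none', reason: 'no sandbox attribute' };
  }
  // Tokens are whitespace-separated and ASCII case-insensitive.
  const tokens = new Set(
    sandboxAttr.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean)
  );
  const page = new URL(pageUrl);
  // A relative src resolves against the embedding page. about:blank and
  // srcdoc frames take the embedder's origin once allow-same-origin is set.
  const frame = new URL(frameSrc || 'about:blank', page);
  const sameOrigin = frame.protocol === 'about:' || frame.origin === page.origin;

  if (sameOrigin && tokens.has('allow-scripts') && tokens.has('allow-same-origin')) {
    return {
      level: 'ineffective',
      reason: 'same-origin frame with allow-scripts and allow-same-origin can remove its own sandbox',
    };
  }
  return { level: 'effective', reason: 'frame cannot reach the embedding page to lift the sandbox' };
}

// Browser-side helper: pass `document` to list frames whose sandbox is
// absent or ineffective. Only needs querySelectorAll and location.href.
function auditDocument(doc) {
  return Array.from(doc.querySelectorAll('iframe'))
    .map((el) => {
      const src = el.hasAttribute('srcdoc') ? 'about:srcdoc' : el.getAttribute('src');
      return { src, ...auditSandbox(el.getAttribute('sandbox'), src, doc.location.href) };
    })
    .filter((result) => result.level !== 'effective');
}

// Constructed sample values (not taken from the pull request).
const PAGE = 'https://styleguide.example/index.html';
for (const [sandbox, src] of [
  ['allow-scripts allow-same-origin', '/patterns/button.html'], // ineffective
  ['allow-scripts allow-same-origin', 'https://widgets.example/embed'], // effective
  ['allow-scripts', '/patterns/button.html'], // effective
  [null, '/patterns/button.html'], // none
]) {
  console.log(String(sandbox), src, '->', auditSandbox(sandbox, src, PAGE).level);
}
```

In a browser console, `auditDocument(document)` returns the frames on the current page that fall into the `none` or `ineffective` class.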

Successfully merging this pull request may close these issues.

Add allow-downloads to iframe sandbox options