iframe: relax the sandbox a little bit (#974)

TurboWarp · Aug 28, 2023 · 1a5a8b3 · 1a5a8b3
1 parent 6ee9cbe
commit 1a5a8b3
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/extensions/iframe.js b/extensions/iframe.js
@@ -35,6 +35,16 @@
     "interest-cohort": "'none'",
   };
 
+  const SANDBOX = [
+    "allow-same-origin",
+    "allow-scripts",
+    "allow-forms",
+    "allow-modals",
+    "allow-popups",
+
+    // The big one we don't want to include is allow-top-navigation
+  ];
+
   let x = 0;
   let y = 0;
   let width = -1; // negative means default
@@ -82,7 +92,7 @@
     iframe.style.height = "100%";
     iframe.style.border = "none";
     iframe.style.position = "absolute";
-    iframe.setAttribute("sandbox", "allow-scripts allow-same-origin");
+    iframe.setAttribute("sandbox", SANDBOX.join(" "));
     iframe.setAttribute(
       "allow",
       Object.entries(featurePolicy)