A pseudosafe iframe

This prevents scripts running inside an iframe from inadvertently
manipulating the top browsing context. However, a malicious script could
still remove the sandboxing imposed on it (because the combination of
"allow-same-origin" and "allow-scripts" is vulnerable).
Veloman Yunkan 2023-03-06 18:17:52 +04:00
parent 32b4bca745
commit 571b6089a4
1 changed files with 1 additions and 0 deletions

@ -69,6 +69,7 @@
<iframe id="content_iframe" <iframe id="content_iframe"
referrerpolicy="same-origin" referrerpolicy="same-origin"
sandbox="allow-same-origin allow-scripts"
onload="on_content_load()" onload="on_content_load()"
src="./skin/blank.html?KIWIXCACHEID" title="ZIM content" width="100%" src="./skin/blank.html?KIWIXCACHEID" title="ZIM content" width="100%"
style="border:0px"> style="border:0px">
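
Review bot: The `sandbox="allow-same-origin allow-scripts"` value added on the `content_iframe` element is not a security boundary when the framed document shares the viewer's origin, which the relative `src="./skin/blank.html?KIWIXCACHEID"` suggests it does: a script in the frame can reach the parent document and remove the `sandbox` attribute, as the commit message itself acknowledges. Consider dropping `allow-same-origin` if `on_content_load()` and the rest of the viewer do not need same-origin access to the frame, or serving content from a separate origin, and add an HTML comment beside the attribute stating that it only guards against accidental manipulation of the top browsing context. With only these two tokens present, form submission, popups and top-level navigation from content are also blocked, so it is worth confirming that this is intended.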