
Sandbox Lightbox (Call her SaLi [pronounced "Sally"])

Open styromaniac opened this issue 3 years ago • 6 comments

When files are directly linked, I think there should be a lightbox in an iframe for it, just in case files in question contain malicious executable code.

styromaniac avatar Dec 14 '20 15:12 styromaniac

Note that scripts and things that still want to directly access files can do so by using /raw/... URLs.

anoadragon453 avatar Dec 14 '20 21:12 anoadragon453

Having thought about this a bit more, I'm not actually sure if the iframe would help here given you could've just clicked a link leading to a site with malicious js anyways? ZeroFrame should still theoretically protect you against this.

Also people could just link you to /raw/... so :P

anoadragon453 avatar Dec 14 '20 21:12 anoadragon453

Any HTML file should be displayed with an iframe. The /raw/ files are served with default-src 'none'; sandbox allow-top-navigation allow-forms; img-src *; font-src * data:; media-src *; style-src * 'unsafe-inline'; headers that should prevent any JavaScript from executing.

HelloZeroNet avatar Jan 25 '21 02:01 HelloZeroNet
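
An added example, not part of the thread and not ZeroNet's own code: a Python check that parses the policy quoted in the comment above and reports separately whether the CSP source lists and the sandbox directive block script execution. The names `RAW_CSP`, `parse_csp` and `script_controls` are hypothetical.

```python
# Policy string as quoted in the comment above (served for /raw/ files).
RAW_CSP = ("default-src 'none'; sandbox allow-top-navigation allow-forms; "
           "img-src *; font-src * data:; media-src *; style-src * 'unsafe-inline';")


def parse_csp(header):
    """Split a CSP header value into {directive: [tokens]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # empty segment, e.g. after a trailing ';'
        # A repeated directive is ignored by browsers, so the first one wins.
        policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def script_controls(header):
    """Report the two independent script blocks: source lists and sandbox."""
    policy = parse_csp(header)
    sources = {}
    # Inline handlers and <script> elements each fall back to script-src,
    # and then to default-src, when their own directive is absent.
    for directive in ("script-src-elem", "script-src-attr"):
        chain = (directive, "script-src", "default-src")
        governing = next((name for name in chain if name in policy), None)
        if governing is None:
            sources[directive] = ["(unrestricted)"]  # nothing governs scripts
        else:
            # 'none' only has effect alone; any other token is an allowed source.
            sources[directive] = [s for s in policy[governing] if s != "'none'"]
    sandbox = policy.get("sandbox")
    return {
        "csp_blocks_scripts": not any(sources.values()),
        # A sandbox directive denies scripts unless allow-scripts is listed.
        "sandbox_blocks_scripts": sandbox is not None and "allow-scripts" not in sandbox,
        "script_sources": sources,
    }


if __name__ == "__main__":
    print(script_controls(RAW_CSP))
    # Constructed weak policy for comparison: both layers are opened up.
    print(script_controls("default-src 'none'; script-src 'self'; sandbox allow-scripts"))
```
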

Good to know, thank you. That sounds like it may negate this issue?

anoadragon453 avatar Jan 26 '21 11:01 anoadragon453

@HelloZeroNet is right. JavaScript will not execute while you are loading 127.0.0.1:43110/raw/.... However, you can see the files without any problem.

ghost avatar Feb 03 '21 16:02 ghost

So, should I close this issue?

styromaniac avatar Feb 03 '21 21:02 styromaniac