filament-tinyeditor icon indicating copy to clipboard operation
filament-tinyeditor copied to clipboard
verified publisher icon amidesfahani

sandbox="" is being added to iFrame embed code automatically

Open TheMalcolm opened this issue 6 months ago • 1 comments

sandbox="" is being added to iFrame embed code automatically, and cannot get rid of it.

Image

Does anyone have a solution for it?

TheMalcolm avatar Jul 17 '25 08:07 TheMalcolm 

TinyEditor::make('content')
    ->setCustomConfigs([
        'sandbox_iframes' => true,
        'sandbox_iframes_exclusions' => ['IFRAME_DOMAINS'],
    ]),

This should solve the problem. I faced the same issue while embedding videos from api.video. After search, I found that TinyMCE add sandbox layer to prevent XSS attacks. So, it's very important to keep sandboxing works but you can exclude domains you need.

Note I used the full domain of embedding embed.api.video otherwise it didn't work with me

mo-haytham avatar Nov 11 '25 17:11 mo-haytham