vuex-iframe-sync

Sandbox attribute

Open steamypassion opened this issue 7 years ago • 2 comments

Hi, I find that vuex-iframe-sync loads faster than PayPal krakenjs's zoid. This project is great in features and performance. My use case would be to reasonably sandbox the third-party components, as seamless as state as possible. I might not need callbacks, just passing the information for third-party components. Does it work with the sandbox attribute? I changed the simple example to add the sandbox attribute, then ran npm run dev:simple, but iframe1 is not loading. Not with sandbox="allow-scripts" either. It doesn't need allow-same-origin, right? Both are from the same web server.

new Vue({
  el: '#app',
  store,
  template:
  '<div>' +
    '<iframe id="frameId1" src="./appFrame.html" sandbox style="width:100%;"/>' +
  '</div>'
})

steamypassion, Jul 10 '18 11:07

@steamypassion It needs allow-same-origin, just like this:

<iframe id="frameId1" src="appFrame.html" sandbox="allow-same-origin allow-scripts" style="width:100%;"/>

You may find the answer on MDN, I guess: MDN sandbox

L-Chris, Jul 15 '18 02:07

Thanks for the reply. Since you are using postMessaging, if I am not wrong, it can support cross-origin, right? But I might be too stupid, so if I am wrong, just correct me.

Would you consider adding cross-origin support, if possible, in the future? Zoid is implemented via cross-origin; the implementation has its own merits and use cases. Your library is the only one that is closer to that implementation in Vue land. It would be great if the third-party components could not access the parent's DOM from the iframe with the following config.

sandbox="allow-scripts"

In Iframe:

window.parent.document

steamypassion, Jul 16 '18 18:07
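
The setup asked about above, as an added example that is not part of the thread and not vuex-iframe-sync's own code: a parent-side postMessage bridge for a frame loaded with sandbox="allow-scripts". The function names, the message shape and the sample mutation and state keys (increment, count) are assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not vuex-iframe-sync API.
// A frame with sandbox="allow-scripts" has an opaque origin: its messages
// arrive with event.origin === "null" and it is reachable only via "*".
const OPAQUE_ORIGIN = 'null';

// Parent -> frame: send only the state keys the frame is allowed to see.
function sendState(frameWindow, state, exposedKeys, frameOrigin = OPAQUE_ORIGIN) {
  const snapshot = {};
  for (const key of exposedKeys) {
    if (Object.prototype.hasOwnProperty.call(state, key)) snapshot[key] = state[key];
  }
  // "*" cannot be narrowed for an opaque origin, so keep secrets out of it.
  const target = frameOrigin === OPAQUE_ORIGIN ? '*' : frameOrigin;
  frameWindow.postMessage({ type: 'state', payload: snapshot }, target);
  return snapshot;
}

// Frame -> parent: build a "message" listener. "null" is shared by every
// sandboxed frame, so the event.source comparison is what identifies ours.
function createReceiver({ frameWindow, frameOrigin = OPAQUE_ORIGIN, allowedMutations, commit }) {
  return function onMessage(event) {
    if (event.source !== frameWindow) return 'rejected: source';
    if (event.origin !== frameOrigin) return 'rejected: origin';
    const msg = event.data;
    if (!msg || typeof msg !== 'object' || msg.type !== 'mutation') return 'rejected: shape';
    if (!allowedMutations.includes(msg.name)) return 'rejected: mutation';
    commit(msg.name, msg.payload);
    return 'accepted';
  };
}

// Browser wiring (assumes the frameId1 iframe and a Vuex store from the thread):
//   const frame = document.getElementById('frameId1').contentWindow;
//   window.addEventListener('message', createReceiver({
//     frameWindow: frame, allowedMutations: ['increment'],
//     commit: (name, payload) => store.commit(name, payload) }));
//   sendState(frame, store.state, ['count']);
```

With this sandbox value the frame's window.parent.document access throws a cross-origin error, so the message channel is the only path between the two documents.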