commit aab609f71ebc40cfd9650d5afa612e2ac1d7cf69 parent aee27f01cd9fbcdd9c2f1bb9fe531e6666dcb8cb Author: n0tr1v <n0tr1v@protonmail.com> Date: Sat, 7 Jan 2023 06:43:58 -0800 Add notes Diffstat:
| M | pkg/web/public/views/pages/chat.gohtml | | | 19 | +++++++++++++++++++ |
1 file changed, 19 insertions(+), 0 deletions(-)
diff --git a/pkg/web/public/views/pages/chat.gohtml b/pkg/web/public/views/pages/chat.gohtml
@@ -223,6 +223,25 @@
 </div>
 {{ if not .AuthUser.ChatBarAtBottom }}
 <div>
+ {{/*
+ This iframe cannot be sandboxed, as it would prevent having "form" with a `target="..."` property.
+ Such forms would open a new tab instead of sending data from the other iframe.
+ */}}
+ {{/*
+ allow-scripts: Needed for html meta refresh `Refused to execute the redirect specified via '<meta http-equiv='refresh' content='...'>'. The document is sandboxed, and the 'allow-scripts' keyword is not set.`
+ allow-forms: Needed for forms within the chat such as battleship
+ allow-same-origin: Needed so that the iframe can access the cookies such as CSRF
+ allow-popups: Needed to open external links in new tab
+ allow-popups-to-escape-sandbox: Allows external websites to not be restricted by the sandbox
+ allow-top-navigation-by-user-activation: Needed for links such as "#suggestions" to navigate the top-level page using "_top"
+ sandbox="
+ allow-forms
+ allow-scripts
+ allow-same-origin
+ allow-top-navigation-by-user-activation
+ allow-popups
+ allow-popups-to-escape-sandbox"
+ */}}
 <iframe id="chat-content" name="iframe2" src="/api/v1/chat/messages/{{ .Data.Room.Name }}{{ .Data.ChatQueryParams }}"></iframe>
 </div>
 {{ end }}
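Review bot: The second comment block records a candidate `sandbox` token list without saying that this set would give almost no isolation. The framed document is same-origin (`/api/v1/chat/messages/...`), so `allow-scripts` together with `allow-same-origin` lets it reach its own frame element and drop the attribute, and `allow-popups-to-escape-sandbox` lifts the restrictions from anything it opens. The two comments also read as contradictory ("cannot be sandboxed" followed by a sandbox value), so I would merge them and add a line such as `Kept for reference only: allow-scripts + allow-same-origin on a same-origin frame lets the document remove its own sandbox.` Since the frame stays unsandboxed, the comment should also name what the page relies on instead (presumably output escaping of message content and a CSP, neither of which is visible in this hunk).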