commit fafa233f609e4f05414de00217e649bdbef67e17 parent 87878ad6fd6735e7f328bcdab53e278468b7beda Author: n0tr1v <n0tr1v@protonmail.com> Date: Fri, 6 Jan 2023 22:21:16 -0800 adding notes Diffstat:
| M | pkg/web/public/views/pages/chat.gohtml | | | 9 | +++++++++ |
1 file changed, 9 insertions(+), 0 deletions(-)
diff --git a/pkg/web/public/views/pages/chat.gohtml b/pkg/web/public/views/pages/chat.gohtml @@ -210,6 +210,15 @@ </div> </div> <div> + {{/* + allow-forms: Needed to send messages using the chat input box + allow-scripts: Needed for "autofocus" to work `Blocked autofocusing on a <input> element because the element's frame is sandboxed and the 'allow-scripts' permission is not set.` + allow-same-origin: Needed so that the iframe can access the cookies such as CSRF + allow-top-navigation: Needed for links such as "Settings" to navigate the top-level page using "_top" + + How does iframe behave in HTML5 without the sandbox attribute? + https://stackoverflow.com/questions/13703760/how-does-iframe-behave-in-html5-without-the-sandbox-attribute + */}} <iframe id="chat-top-bar" name="iframe1" src="/api/v1/chat/top-bar/{{ .Data.Room.Name }}{{ .Data.ChatQueryParams }}" sandbox="allow-forms allow-scripts allow-same-origin allow-top-navigation" style="width: 100%;"></iframe> </div> {{ if not .AuthUser.ChatBarAtBottom }}