extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-27 10:23:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

stop security error, if iframe source is not from our own origin

Browse Source
This commit is contained in:
ralf 2024-01-15 17:24:55 +02:00
parent 6c2610ca50
commit 12fcd5709b
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
api/js/framework/fw_browser.js
View File

@ -251,11 +251,14 @@ window.fw_browser = (function(){ "use strict"; return Class.extend(
self.iframe.setAttribute('allow', 'fullscreen'); self.iframe.setAttribute('allow', 'fullscreen');
self.iframe.setAttribute('allowfullscreen', true); // for older browsers self.iframe.setAttribute('allowfullscreen', true); // for older browsers
// bind load handler to set overflow-y: auto on body of contentDocument to allow vertical scrolling // for own origin: bind load handler to set overflow-y: auto on body of contentDocument to allow vertical scrolling
if (_url[0] === '/' || top.location.origin === _url.replace(/^(https?:\/\/[^/]+)\/.*$/, '$1'))
{
self.iframe.addEventListener('load', (ev) => { self.iframe.addEventListener('load', (ev) => {
const body = self.iframe.contentDocument.getElementsByTagName('body')[0]; const body = self.iframe.contentDocument.getElementsByTagName('body')[0];
body.style.overflowY = 'auto'; body.style.overflowY = 'auto';
}); });
}
//Load the iframe content //Load the iframe content
self.iframe.src = _url; self.iframe.src = _url;