extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-10-05 01:22:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

stop security error, if iframe source is not from our own origin

Browse Source
This commit is contained in:
ralf 2024-01-15 17:24:55 +02:00
parent ae47069478
commit 1ff62aafd4
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
api/js/framework/fw_browser.js
View File

@ -251,11 +251,14 @@ window.fw_browser = (function(){ "use strict"; return Class.extend(
self.iframe.setAttribute('allow', 'fullscreen');
self.iframe.setAttribute('allowfullscreen', true); // for older browsers
// bind load handler to set overflow-y: auto on body of contentDocument to allow vertical scrolling
self.iframe.addEventListener('load', (ev) => {
const body = self.iframe.contentDocument.getElementsByTagName('body')[0];
body.style.overflowY = 'auto';
});
// for own origin: bind load handler to set overflow-y: auto on body of contentDocument to allow vertical scrolling
if (_url[0] === '/' || top.location.origin === _url.replace(/^(https?:\/\/[^/]+)\/.*$/, '$1'))
{
self.iframe.addEventListener('load', (ev) => {
const body = self.iframe.contentDocument.getElementsByTagName('body')[0];
body.style.overflowY = 'auto';
});
}
//Load the iframe content
self.iframe.src = _url;