I have this code:
<iframe sandbox="allow-scripts allow-same-origin"
src="//sportsbay.org/embed/72691/1/fc-juarez-vs-chivas-guadalajara-live.html"
width="100%" height="100%" frameborder="0"></iframe>
If I use it without: sandbox="allow-scripts allow-same-origin" it works well.
But when I add the sandbox code it says: "Sandboxing is not allowed"
Is it possible to somehow force to use sandbox without getting that error?
No.
The site has code which detects it is sandboxed and refuses to display the content when it is.
Presumably, this is because they use features you are blocking in order to make money on their (looks at the name of the site) presumably copyright-infringing content.
Related
For personal use, I want to block popup coming from 3rd part iframe website. I tried to use sandbox but if it's working for some, most of embedded websites block the video when the iframe is sandboxed.
Is there an alternative way ? I can't use browser extension.
With sandbox (the embedded websites block the read)
<iframe src="https://doodstream.com/e/ouwwyxd8yu4u" sandbox = "allow-forms allow-pointer-lock allow-same-origin allow-scripts allow-top-navigation" allowfullscreen="true"></iframe>
The embedded website checks if I use sandbox so I can't use sandbox to block "popup".
Without sandbox, too many popups from the embedded websites.
<iframe src="https://doodstream.com/e/ouwwyxd8yu4u" allowfullscreen="true"></iframe>
i am using a simple iframe html code where i am embedding the jitsi meet url. now the problem is after finishing a meeting with jitsi it redirects to its close3.html page. i dont want to show this in my iframe. i want to close my iframe when it redirects to close3.html page. i have tried with sandbox. but after using sandbox camera and microphone access turns disable.
here is my iframe code
<iframe
title="Open identification process"
src="https://meet.jit.si/4b7562c798c20e3dd523b2298cad5327"
frameBorder="0"
width="600"
height="800"
allow="camera; microphone"
id="iframe"
onLoad="alert('Test');"
/>
You will face the Same Origin Policy when you try to do.
You can't access an <iframe> with different origin using JavaScript,
it would be a huge security flaw if you could do it.
Even so, you could use that method:
document.getElementById("iframe_id").contentWindow.location.href
Further Information
<iframe src='https://docs.google.com/viewer?url=https://docs.google.com/document/d/125CJmmlBfy7UgfYuBAmb1_HSCuyz8NV133361KTK1SE/export?format%3Dpdf&id=125CJmmlBfy7UgfYuBAmb1_HSCuyz8NV133361KTK1SE&embedded=false' frameborder='0'></iframe>
after this code I have next error
Refused to display 'https://docs.google.com/a/myrussiaonline.ru/viewer?url=https://docs.google.…ormat%3Dpdf&id=125CJmmlBfy7UgfYuBAmb1_HSCuyz8NV133361KTK1SE&embedded=false' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
If I set
<iframe src='https://docs.google.com/viewer?url=https://docs.google.com/document/d/125CJmmlBfy7UgfYuBAmb1_HSCuyz8NV133361KTK1SE/export?format%3Dpdf&id=125CJmmlBfy7UgfYuBAmb1_HSCuyz8NV133361KTK1SE&embedded=true' frameborder='0'></iframe>
Then, all fine
Can I set &embedded=false and have correct render without error?
Thanks
The only way I've found to get the Google Docs Viewer to work in an iframe is:
<iframe src="https://docs.google.com/viewer?srcid=[YOUR_FILE'S_ID_HERE]&pid=explorer&efh=false&a=v&chrome=false&embedded=true" width="800" height="600" style="border: none;"></iframe>
Try this tutorial-
https://www.youtube.com/embed/A5SkbcId-v0
U should have your answer.
Update-
According to Google Policy, if u like to have your document viewed with a iFrame, then embedded=true should be in the URL.
Demo Code-
<iframe src='https://docs.google.com/viewer?url=https://docs.google.com/document/d/125CJmmlBfy7UgfYuBAmb1_HSCuyz8NV133361KTK1SE/export?format%3Dpdf&id=125CJmmlBfy7UgfYuBAmb1_HSCuyz8NV133361KTK1SE&embedded=true' frameborder='0'></iframe>
First you should go to your document on google drive :
click file
publish to the web
embed
publish
You will get the code of the iframe you can use it to visualize your spreadsheet without the possibility to edit it
No, you can not, this parameter is specify that source would be embedded. And the idea behind using it is to avoid clickjacking attacks
The return value of document.location.href will become javascript:window["contents"] sometimes.
When it will happened? how to avoid it?
I found out
The code is placed in an iframe without src url.
<iframe id="google_ads_iframe_/21202031/LTN-000-03-HOME-120X600-DISPLAY_0" name="google_ads_iframe_/21202031/LTN-000-03-HOME-120X600-DISPLAY_0" width="120" height="600" scrolling="no" marginwidth="0" marginheight="0" frameborder="0" src="javascript:"<html><body style='background:transparent'></body></html>"" style="border: 0px; vertical-align: bottom;"></iframe>
As you already have suspected, this indeed has to do with (I)Frames and more specifically, the way some scripts/libraries work with those frames.
It is a technique to avoid a ReferenceError (in IE) in some cases when loading an external javascript (that is loaded asynchronous) which holds/provides variables/objects that are used in the frame's inline-script-source.
To quote the most relevant part from an article called 'inject content into a new iframe' :
Instead of using document.open/write/close we use the following
approach:
iframe.contentWindow.contents = content;
iframe.src = 'javascript:window["contents"]';
First, we assign the dynamic content to a variable on the iframe’s
window object. Then we invoke it via the javascript: scheme. This not
only renders the HTML properly, but loads and executes the scripts in
the desired order.
This is also in-line with a similar answer on SO.
Hope this helps!
For me I have 3 tabs that open with Internet Explorer ... Yahoo, MSN and my email account. Went to "tools" >Internet Options and removed Yahoo, okay and closed. After I verified that I no longer got the java script error tab I reinstalled Yahoo and that solved the problem.
I have an iFrame inside my HTML code.
This iFrame has a javascript that shows Window.alert() popups.
How can I prevent them from appearing? and also prevent the iFrame from interacting with my window?
I'm using GWT's Frame If that's relevent.
== EDIT ==
The iFrame is not in the same domain as my website so i can't access the Javascript code from the iFrame
For browsers that support the sandbox attribute on <iframe>s, you can disable ALL JavaScript (including alerts).
<iframe sandbox src="..."></iframe>
I know this is a bit late, but I have an improvement to philfreo's answer. Iframe sandbox has an allow-popups attribute you can exclude. Try this: <iframe sandbox="allow-scripts allow-forms allow-pointer-lock allow-same-origin" src="..."></iframe>
As your iframe is not in the same domain, it's impossible to script it (and remove the alert) because of the Same origin Policy
I'm sorry, but that's the answer
Cheers
I have tried to solve you issue.
So I found a way to help you.
Here is my way.
document.getElementById('iframe-src').contentWindow.alert = function(){}
And this way worked well.
Cheers
sandbox attribute will help you to block alert() from iframe
<iframe sandbox src="..."></iframe>