moreminimore-vibe

kunthawat/moreminimore-vibe

Fork 0

Commit Graph

Author	SHA1	Message	Date
Will Chen	1c0255ab12	Enable iframe sandbox (#1178 ) This allows almost all the iframe sandbox tokens https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/iframe#sandbox except notably for allow-top-navigation* Note: allow-same-origin should be OK because the main window is under the `file://` origin while the iframe window is served on `localhost:####` <!-- This is an auto-generated description by cubic. --> --- ## Summary by cubic Enable sandboxing on the preview iframe to isolate preview content while preserving needed capabilities (allow-same-origin, scripts, forms, popups, modals, orientation/pointer lock, presentation, downloads). Top-level navigation remains disallowed; allow-same-origin is safe because the app is file:// and the iframe runs on localhost. <!-- End of auto-generated description by cubic. -->	2025-09-03 14:17:50 -07:00

Author

SHA1

Message

Date

Will Chen

1c0255ab12

Enable iframe sandbox (#1178 )

This allows almost all the iframe sandbox tokens
https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/iframe#sandbox
except notably for allow-top-navigation*

Note: allow-same-origin should be OK because the main window is under
the `file://` origin while the iframe window is served on
`localhost:####`

    
<!-- This is an auto-generated description by cubic. -->
---

## Summary by cubic
Enable sandboxing on the preview iframe to isolate preview content while
preserving needed capabilities (allow-same-origin, scripts, forms,
popups, modals, orientation/pointer lock, presentation, downloads).
Top-level navigation remains disallowed; allow-same-origin is safe
because the app is file:// and the iframe runs on localhost.

<!-- End of auto-generated description by cubic. -->

2025-09-03 14:17:50 -07:00

1 Commits