[wp-trac] [WordPress Trac] #42341: Add sandbox attribute to Customizer preview iframe to prevent top-navigation
WordPress Trac
noreply at wordpress.org
Thu Oct 26 05:30:36 UTC 2017
#42341: Add sandbox attribute to Customizer preview iframe to prevent top-
navigation
--------------------------+-------------------------
Reporter: westonruter | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.0
Component: Customize | Version: 3.4
Severity: normal | Keywords: needs-patch
Focuses: |
--------------------------+-------------------------
We go through some hoops to prevent a script in the Customizer preview
from attempting to set the `top` window. For example:
https://github.com/WordPress/wordpress-develop/blob/2ddcc54/src/wp-
includes/js/customize-preview.js#L381-L384
The `iframe` element in HTML5 supports a `sandbox` attribute which we can
use to prevent the window from changing the loaded `top` window.
See https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-
sandbox
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42341>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list