Using sandbox in iFrame

Use this board for starting discussions, asking questions, and giving advice on Web programming for the IBM i platform (and predecessors.)
dougmatthews47
Profound User
Posts: 35
Joined: Fri Jan 12, 2018 10:53 am
First Name: Doug
Last Name: Matthews
Company Name: Maverick Transportation
Contact:

Using sandbox in iFrame

Post by dougmatthews47 »

Hello,
Sorry if this topic has been covered. I could not find it.
Is there a way to prevent an external web page from "Busting Out" of the iFrame element. I have searched the interwebs and could only find references to using a "sandbox=" attribute.
I am guessing this would mean creating a custom widget with this attribute?
Does the built in profound widget accept this as an applyProperty()?
Guess I'm confused on how assign this property to the iFrame widget.

Is there another way to accomplish this?

Thanks

Doug
User avatar
matt.denninghoff
Profound Logic Staff Member
Posts: 115
Joined: Wed Feb 10, 2016 3:53 pm
First Name: Matthew
Last Name: Denninghoff
Company Name: Profound Logic Software
State / Province: Ohio
Country: United States
Contact:

Re: Using sandbox in iFrame

Post by matt.denninghoff »

The iframe widget is a standard IFRAME tag wrapped inside of a DIV tag. There is no Profound UI property to set the HTML tag's "sandbox" attribute. So, yes, you could create a custom widget that always sets the "sandbox" attribute. You could also use the HTML Container widget, and set its "html" property to something like

Code: Select all

<iframe src="yourUrlGoesHere" style="width:100%; height:100%" sandbox></iframe>
You might try the HTML Container first to test the results before you go through the effort of making a custom widget.

I've never heard of an iframe's contents "busting out" of the element, unless the iframe document and parent page's document are of the same origin: same protocol, domain, and port number. When the parent and iframe document have different origins, then the browser should not let one's document interact with the other.
dougmatthews47
Profound User
Posts: 35
Joined: Fri Jan 12, 2018 10:53 am
First Name: Doug
Last Name: Matthews
Company Name: Maverick Transportation
Contact:

Re: Using sandbox in iFrame

Post by dougmatthews47 »

yeah, it's strange what this site is doing. It keeps launching it's own page and causes profound to throw up a message asking if you want to leave this site. if you click yes to leave, the website takes over the entire page. If you click stay everything stays as it should. Quite annoying.

This is just a simple iFrame with the url set to a specific login page from the external site.
dougmatthews47
Profound User
Posts: 35
Joined: Fri Jan 12, 2018 10:53 am
First Name: Doug
Last Name: Matthews
Company Name: Maverick Transportation
Contact:

Re: Using sandbox in iFrame

Post by dougmatthews47 »

Nothing I do is working. Can you get this url to work inside an iFrame?.....

https://login.omnitracs.com/login.jsp
dougmatthews47
Profound User
Posts: 35
Joined: Fri Jan 12, 2018 10:53 am
First Name: Doug
Last Name: Matthews
Company Name: Maverick Transportation
Contact:

Re: Using sandbox in iFrame

Post by dougmatthews47 »

Found what they are doing.....

/* iframeBurster runs on page load. if the login page isn't the topmost frame, it
* 'bursts' any containing iframes by reloading in the topmost frame. */
function iframeBurster() {
if(window.top!=window.self) { // if this isn't the topmost window
window.top.location = window.self.location;
}
}

Anyway around this?

Thanks

Doug
SeanTyree
Profound User
Posts: 76
Joined: Fri Jan 11, 2013 6:11 pm
First Name: Sean
Last Name: Tyree
Company Name: US HealthWorks
State / Province: California
Zip / Postal Code: 91355
Country: United States
Contact:

Re: Using sandbox in iFrame

Post by SeanTyree »

Doug,

Since the page you are opening in the iFrame is pushing itself out of the iFrame, there is probably nothing that you can do to prevent this. One alternative would be to either open it in a popup window, or open in a new window/tab.

Sean
Scott Klement
Experienced User
Posts: 2711
Joined: Wed Aug 01, 2012 8:58 am
First Name: Scott
Last Name: Klement
Company Name: Profound Logic
City: Milwaukee
State / Province: Wisconsin

Re: Using sandbox in iFrame

Post by Scott Klement »

They clearly do not want you running their page in an iframe, so they are trying very hard to prevent it. There''s noting Profound UI can do to prevent them from busting out of the iframe. I'm not familiar with this particular site, but there are some sites where they do provide alternate URLs for this sort of thing.... for example, Google Maps won't run in an iframe normally, but they have an "embed" URL that will. You would need to contact the omnitracs people and see if they have an alternate link that would work.

Alternately, you could launch the link using JavaScript in an onclick (or, really, any JavaScript event) and do something like this:

Code: Select all

window.open("https://login.omnitracs.com/login.jsp");
That will cause the link to open in a separate window from Profound UI, therefore would not require you to close/end your Profound UI session. Or, finally, if you do want want end your Profound UI session for some reason (I don't know why, but just trying to cover all bases, here) you could link to the alternate site and close Profound UI without the "are you sure" popup by doing this from a JavaScript event:

Code: Select all

pui.link("https://login.omnitracs.com/login.jsp");
dougmatthews47
Profound User
Posts: 35
Joined: Fri Jan 12, 2018 10:53 am
First Name: Doug
Last Name: Matthews
Company Name: Maverick Transportation
Contact:

Re: Using sandbox in iFrame

Post by dougmatthews47 »

window.open() works perfectly. Don't know why I didnt think of that. Kind of a Duh moment.

Thanks

Doug
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests