Using sandbox in iFrame

[dougmatthews47]

Hello,
Sorry if this topic has been covered. I could not find it.
Is there a way to prevent an external web page from "Busting Out" of the iFrame element. I have searched the interwebs and could only find references to using a "sandbox=" attribute.
I am guessing this would mean creating a custom widget with this attribute?
Does the built in profound widget accept this as an applyProperty()?
Guess I'm confused on how assign this property to the iFrame widget.

Is there another way to accomplish this?

Thanks

Doug

[matt.denninghoff]

The iframe widget is a standard IFRAME tag wrapped inside of a DIV tag. There is no Profound UI property to set the HTML tag's "sandbox" attribute. So, yes, you could create a custom widget that always sets the "sandbox" attribute. You could also use the HTML Container widget, and set its "html" property to something like

Code: Select all

<iframe src="yourUrlGoesHere" style="width:100%; height:100%" sandbox></iframe>

You might try the HTML Container first to test the results before you go through the effort of making a custom widget.

I've never heard of an iframe's contents "busting out" of the element, unless the iframe document and parent page's document are of the same origin: same protocol, domain, and port number. When the parent and iframe document have different origins, then the browser should not let one's document interact with the other.

[dougmatthews47]

yeah, it's strange what this site is doing. It keeps launching it's own page and causes profound to throw up a message asking if you want to leave this site. if you click yes to leave, the website takes over the entire page. If you click stay everything stays as it should. Quite annoying.

This is just a simple iFrame with the url set to a specific login page from the external site.

[dougmatthews47]

Nothing I do is working. Can you get this url to work inside an iFrame?.....

https://login.omnitracs.com/login.jsp

[dougmatthews47]

Found what they are doing.....

/* iframeBurster runs on page load. if the login page isn't the topmost frame, it
* 'bursts' any containing iframes by reloading in the topmost frame. */
function iframeBurster() {
if(window.top!=window.self) { // if this isn't the topmost window
window.top.location = window.self.location;
}
}

Anyway around this?

Thanks

Doug

[SeanTyree]

Doug,

Since the page you are opening in the iFrame is pushing itself out of the iFrame, there is probably nothing that you can do to prevent this. One alternative would be to either open it in a popup window, or open in a new window/tab.

Sean

[Scott Klement]

They clearly do not want you running their page in an iframe, so they are trying very hard to prevent it. There''s noting Profound UI can do to prevent them from busting out of the iframe. I'm not familiar with this particular site, but there are some sites where they do provide alternate URLs for this sort of thing.... for example, Google Maps won't run in an iframe normally, but they have an "embed" URL that will. You would need to contact the omnitracs people and see if they have an alternate link that would work.

Alternately, you could launch the link using JavaScript in an onclick (or, really, any JavaScript event) and do something like this:

Code: Select all

window.open("https://login.omnitracs.com/login.jsp");

That will cause the link to open in a separate window from Profound UI, therefore would not require you to close/end your Profound UI session. Or, finally, if you do want want end your Profound UI session for some reason (I don't know why, but just trying to cover all bases, here) you could link to the alternate site and close Profound UI without the "are you sure" popup by doing this from a JavaScript event:

Code: Select all

pui.link("https://login.omnitracs.com/login.jsp");

[dougmatthews47]

window.open() works perfectly. Don't know why I didnt think of that. Kind of a Duh moment.

Thanks

Doug