[Webkit-unassigned] [Bug 215589] New: Sandboxed iframes don't fire DOMContentLoaded
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Aug 17 15:24:05 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=215589
Bug ID: 215589
Summary: Sandboxed iframes don't fire DOMContentLoaded
Product: WebKit
Version: Safari 13
Hardware: Macintosh
OS: macOS 10.15
Status: NEW
Severity: Normal
Priority: P2
Component: DOM
Assignee: webkit-unassigned at lists.webkit.org
Reporter: matb at microsoft.com
Created attachment 406747
--> https://bugs.webkit.org/attachment.cgi?id=406747&action=review
Example test case
Sandboxed iframes that do not set `allow-scripts` do not seem to fire `DOMContentLoaded`. Here's a quick example
const iframe = document.createElement('iframe')
iframe.setAttribute('sandbox', 'allow-same-origin')
iframe.src = './other'
document.body.append(iframe)
iframe.contentWindow.addEventListener('DOMContentLoaded', () => {
console.log('loaded');
});
The event is fired if the iframe is not sandboxed or if `allow-scripts` is included in the sandbox. The sandboxed iframe does fire events in Chrome and Firefox.
This is similar to https://bugs.webkit.org/show_bug.cgi?id=33604 but for sandboxed iframes
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200817/60c2fb25/attachment.htm>
More information about the webkit-unassigned
mailing list