feat: improve iframe security

Security update, see w3c/webextensions#637 (comment)
translate-tools · Jun 13, 2024 · 31ad3d1 · 31ad3d1
1 parent a881b3e
commit 31ad3d1
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 8 deletions.
diff --git a/src/offscreen-documents/main/main.ts b/src/offscreen-documents/main/main.ts
@@ -12,9 +12,6 @@ document.addEventListener('DOMContentLoaded', async () => {
 
 	const workerIframe = document.createElement('iframe', {});
 	workerIframe.src = '/offscreen-documents/worker/worker.html';
-	workerIframe.setAttribute(
-		'sandbox',
-		'allow-same-origin allow-scripts allow-popups allow-forms',
-	);
+	workerIframe.setAttribute('sandbox', 'allow-scripts');
 	document.body.appendChild(workerIframe);
 });
diff --git a/src/requests/offscreen/customTranslators/index.ts b/src/requests/offscreen/customTranslators/index.ts
@@ -25,10 +25,7 @@ export const customTranslatorCreate = buildBackendRequest<
 			// Create iframe
 				const iframe = document.createElement('iframe', {});
 				// iframe.src = 'https://example.com';
-				iframe.setAttribute(
-					'sandbox',
-					'allow-same-origin allow-scripts allow-popups allow-forms',
-				);
+				iframe.setAttribute('sandbox', 'allow-scripts');
 				document.body.appendChild(iframe);
 				iframe.src = '/offscreen-documents/translator/translator.html';