Remove or set sandbox.

FriendUPCloud · Nov 2, 2021 · d0bb172 · d0bb172
1 parent e1993aa
commit d0bb172
Showing 1 changed file with 12 additions and 8 deletions.
diff --git a/interfaces/web_desktop/js/gui/window.js b/interfaces/web_desktop/js/gui/window.js
@@ -1182,7 +1182,7 @@ function _ActivateWindow( div, nopoll, e )
 			}
 			else
 			{
-				if( typeof friendApp == 'undefined' ) fr[ a ].setAttribute( 'sandbox', getSandboxFlags( div.windowObject, DEFAULT_SANDBOX_ATTRIBUTES ) );
+				if( typeof friendApp == 'undefined' ) putSandboxFlags( fr[ a ], getSandboxFlags( div.windowObject, DEFAULT_SANDBOX_ATTRIBUTES ) );
 			}
 		}
 	}
@@ -4134,7 +4134,7 @@ var View = function( args )
 		ifr.authId = self.authId;
 		ifr.applicationName = self.applicationName;
 		ifr.applicationDisplayName = self.applicationDisplayName;
-		ifr.setAttribute( 'sandbox', getSandboxFlags( this, DEFAULT_SANDBOX_ATTRIBUTES ) );
+		putSandboxFlags( ifr, getSandboxFlags( this, DEFAULT_SANDBOX_ATTRIBUTES ) );
 		ifr.view = this._window;
 		ifr.className = 'Content Loading';
 
@@ -4269,7 +4269,7 @@ var View = function( args )
 		iframe.authId = self.authId;
 		iframe.applicationName = self.applicationName;
 		iframe.applicationDisplayName = self.applicationDisplayName;
-		if( typeof friendApp == 'undefined' ) iframe.setAttribute( 'sandbox', getSandboxFlags( this, DEFAULT_SANDBOX_ATTRIBUTES ) ); // allow same origin is probably not a good idea, but a bunch other stuff breaks, so for now..
+		if( typeof friendApp == 'undefined' ) putSandboxFlags( iframe, getSandboxFlags( this, DEFAULT_SANDBOX_ATTRIBUTES ) ); // allow same origin is probably not a good idea, but a bunch other stuff breaks, so for now..
 		iframe.referrerPolicy = 'origin';
 
 		self._window.applicationId = conf.applicationId; // needed for View.close to work
@@ -4320,7 +4320,7 @@ var View = function( args )
 		ifr.applicationId = self.applicationId;
 		ifr.applicationName = self.applicationName;
 		ifr.applicationDisplayName = self.applicationDisplayName;
-		ifr.setAttribute( 'sandbox', getSandboxFlags( this, DEFAULT_SANDBOX_ATTRIBUTES ) );
+		putSandboxFlags( ifr, getSandboxFlags( this, DEFAULT_SANDBOX_ATTRIBUTES ) );
 		ifr.authId = self.authId;
 		ifr.onload = function()
 		{
@@ -4439,7 +4439,7 @@ var View = function( args )
 		ifr.applicationName = self.applicationName;
 		ifr.applicationDisplayName = self.applicationDisplayName;
 		ifr.authId = self.authId;
-		ifr.setAttribute( 'sandbox', getSandboxFlags( this, DEFAULT_SANDBOX_ATTRIBUTES ) );
+		putSandboxFlags( ifr, getSandboxFlags( this, DEFAULT_SANDBOX_ATTRIBUTES ) );
 
 		let conf = this.flags || {};
 		if( this.flags && this.flags.allowScrolling )
@@ -4493,7 +4493,7 @@ var View = function( args )
 		friendU = Trim( friendU );
 
 		if( typeof friendApp == 'undefined'  && ( friendU.length || friendU != targetU || !targetU ) )
-			ifr.setAttribute( 'sandbox', getSandboxFlags( this, DEFAULT_SANDBOX_ATTRIBUTES ) );
+			putSandboxFlags( ifr, getSandboxFlags( this, DEFAULT_SANDBOX_ATTRIBUTES ) );
 
 		// Allow sandbox flags
 		let sbx = ifr.getAttribute( 'sandbox' ) ? ifr.getAttribute( 'sandbox' ) : '';
@@ -6228,11 +6228,15 @@ function getSandboxFlags( win, defaultFlags )
 		flags = defaultFlags;
 	}
 	if( flags === false ) flags = '';
-	if( flags === '' )
-		flags = 'allow-scripts allow-same-origin';
 	return flags;
 }
 
+function putSandboxFlags( iframe, flags )
+{
+	if( flags != '' && flags ) iframe.setAttribute( 'sandbox', flags );
+	else iframe.removeAttribute( 'sandbox' );
+}
+
 // Initialize the events
 function InitWindowEvents()
 {