search

CenterForOpenScience / modular-file-renderer

A Python package for rendering files to HTML via an embeddable iframe
http://modular-file-renderer.readthedocs.io/en/latest/
Apache License 2.0
44 stars 67 forks source link

[SVCS-565] Add sandboxing to Iframes with `allow-scripts` #291

Closed AddisonSchiller closed 7 years ago

AddisonSchiller commented 7 years ago

Ticket

https://openscience.atlassian.net/browse/SVCS-565

Purpose

Add sandboxing to MFR Iframe

Changes

Added sandbox with "allow-scripts" (many renders will not work if you disable javascript)

Side effects

could possibly break a few remote untested file types, but probably not. Could cause problems for future renderers/file types

QA Notes

Could use a wider array of tests. I tested each renderer a few times, but not all file types (and not many edge cases. This will stop things like links in pdfs, or atleast it should I think?)

Deployment Notes

coveralls commented 7 years ago

Coverage Status

Coverage remained the same at 63.828% when pulling fd27cded3e4058fb46149e46d9997b6740e049be on AddisonSchiller:feature/iframe-sandboxing into d6f20ba6170965634f915d53491cbb8e9876a79a on CenterForOpenScience:develop.

felliott commented 7 years ago

Looks good, merging.