search

jgraph / drawio

draw.io is a JavaScript, client-side editor for general diagramming.
https://www.drawio.com
Apache License 2.0
39.47k stars 7.38k forks source link

iframe sandbox .... #4483

Open DeepDiver1975 opened 1 week ago

DeepDiver1975 commented 1 week ago

This is a continuation of #4340.

I found one more test scenario where the service worker is executed and results in an error due to iframe sandbox setup

It happens when the drawio editor is called without loading any file

<html>

<body>

    <iframe src="https://embed.diagrams.net?embed=1" sandbox="allow-scripts">
    </iframe>

</body>

</html>

image

alderg commented 1 week ago

We can't reproduce this case. Could you provide a link to a test case?

DeepDiver1975 commented 1 week ago

We can't reproduce this case. Could you provide a link to a test case?

It might be depending on the browser - the error message in console pops up in Firefox on linux but not on Chromium in linux. But the behavior is the same.

For me it is sufficient to save the provided content in an html file and load this in the browser.

Let me know in case you need more information - happy to help.