@@ -1182,7 +1182,7 @@ function _ActivateWindow( div, nopoll, e )
11821182 }
11831183 else
11841184 {
1185- if ( typeof friendApp == 'undefined' ) fr [ a ] . setAttribute ( 'sandbox' , getSandboxFlags ( div . windowObject , DEFAULT_SANDBOX_ATTRIBUTES ) ) ;
1185+ if ( typeof friendApp == 'undefined' ) putSandboxFlags ( fr [ a ] , getSandboxFlags ( div . windowObject , DEFAULT_SANDBOX_ATTRIBUTES ) ) ;
11861186 }
11871187 }
11881188 }
@@ -4134,7 +4134,7 @@ var View = function( args )
41344134 ifr . authId = self . authId ;
41354135 ifr . applicationName = self . applicationName ;
41364136 ifr . applicationDisplayName = self . applicationDisplayName ;
4137- ifr . setAttribute ( 'sandbox' , getSandboxFlags ( this , DEFAULT_SANDBOX_ATTRIBUTES ) ) ;
4137+ putSandboxFlags ( ifr , getSandboxFlags ( this , DEFAULT_SANDBOX_ATTRIBUTES ) ) ;
41384138 ifr . view = this . _window ;
41394139 ifr . className = 'Content Loading' ;
41404140
@@ -4269,7 +4269,7 @@ var View = function( args )
42694269 iframe . authId = self . authId ;
42704270 iframe . applicationName = self . applicationName ;
42714271 iframe . applicationDisplayName = self . applicationDisplayName ;
4272- if ( typeof friendApp == 'undefined' ) iframe . setAttribute ( 'sandbox' , getSandboxFlags ( this , DEFAULT_SANDBOX_ATTRIBUTES ) ) ; // allow same origin is probably not a good idea, but a bunch other stuff breaks, so for now..
4272+ if ( typeof friendApp == 'undefined' ) putSandboxFlags ( iframe , getSandboxFlags ( this , DEFAULT_SANDBOX_ATTRIBUTES ) ) ; // allow same origin is probably not a good idea, but a bunch other stuff breaks, so for now..
42734273 iframe . referrerPolicy = 'origin' ;
42744274
42754275 self . _window . applicationId = conf . applicationId ; // needed for View.close to work
@@ -4320,7 +4320,7 @@ var View = function( args )
43204320 ifr . applicationId = self . applicationId ;
43214321 ifr . applicationName = self . applicationName ;
43224322 ifr . applicationDisplayName = self . applicationDisplayName ;
4323- ifr . setAttribute ( 'sandbox' , getSandboxFlags ( this , DEFAULT_SANDBOX_ATTRIBUTES ) ) ;
4323+ putSandboxFlags ( ifr , getSandboxFlags ( this , DEFAULT_SANDBOX_ATTRIBUTES ) ) ;
43244324 ifr . authId = self . authId ;
43254325 ifr . onload = function ( )
43264326 {
@@ -4439,7 +4439,7 @@ var View = function( args )
44394439 ifr . applicationName = self . applicationName ;
44404440 ifr . applicationDisplayName = self . applicationDisplayName ;
44414441 ifr . authId = self . authId ;
4442- ifr . setAttribute ( 'sandbox' , getSandboxFlags ( this , DEFAULT_SANDBOX_ATTRIBUTES ) ) ;
4442+ putSandboxFlags ( ifr , getSandboxFlags ( this , DEFAULT_SANDBOX_ATTRIBUTES ) ) ;
44434443
44444444 let conf = this . flags || { } ;
44454445 if ( this . flags && this . flags . allowScrolling )
@@ -4493,7 +4493,7 @@ var View = function( args )
44934493 friendU = Trim ( friendU ) ;
44944494
44954495 if ( typeof friendApp == 'undefined' && ( friendU . length || friendU != targetU || ! targetU ) )
4496- ifr . setAttribute ( 'sandbox' , getSandboxFlags ( this , DEFAULT_SANDBOX_ATTRIBUTES ) ) ;
4496+ putSandboxFlags ( ifr , getSandboxFlags ( this , DEFAULT_SANDBOX_ATTRIBUTES ) ) ;
44974497
44984498 // Allow sandbox flags
44994499 let sbx = ifr . getAttribute ( 'sandbox' ) ? ifr . getAttribute ( 'sandbox' ) : '' ;
@@ -6228,11 +6228,15 @@ function getSandboxFlags( win, defaultFlags )
62286228 flags = defaultFlags ;
62296229 }
62306230 if ( flags === false ) flags = '' ;
6231- if ( flags === '' )
6232- flags = 'allow-scripts allow-same-origin' ;
62336231 return flags ;
62346232}
62356233
6234+ function putSandboxFlags ( iframe , flags )
6235+ {
6236+ if ( flags != '' && flags ) iframe . setAttribute ( 'sandbox' , flags ) ;
6237+ else iframe . removeAttribute ( 'sandbox' ) ;
6238+ }
6239+
62366240// Initialize the events
62376241function InitWindowEvents ( )
62386242{
0 commit comments