Make WordPress Core

Opened 5 months ago

#42341 new defect (bug)

Add sandbox attribute to Customizer preview iframe to prevent top-navigation

Reported by: westonruter Owned by:
Milestone: 5.0 Priority: normal
Severity: normal Version: 3.4
Component: Customize Keywords: needs-patch
Focuses: Cc:


We go through some hoops to prevent a script in the Customizer preview from attempting to set the top window. For example: https://github.com/WordPress/wordpress-develop/blob/2ddcc54/src/wp-includes/js/customize-preview.js#L381-L384

The iframe element in HTML5 supports a sandbox attribute which we can use to prevent the window from changing the loaded top window.

See https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-sandbox

Change History (0)

Note: See TracTickets for help on using tickets.