Skip to content

Commit

Permalink
Use allow-popups-to-escape-sandbox for preview sandbox
Browse files Browse the repository at this point in the history 
Otherwise the "popups" opened by clicking on links in preview
are sandbox. This for example breaks youtube links on feeds such as:
https://www.youtube.com/feeds/videos.xml?user=JustinTimberlake
  • Loading branch information
@evilpie
evilpie committed Feb 8, 2021
1 parent 6fdada5 commit 1bd0f69
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 2 deletions.
1 change: 0 additions & 1 deletion pages/reader/reader.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,6 @@ function getPreviewHTML({ items }) {
anchor.href = item.url;
}
anchor.textContent = item.title;
anchor.target = "_blank";
anchor.className = "item_title";

const time = document.createElement("time");
Expand Down
2 changes: 1 addition & 1 deletion pages/subscribe/subscribe.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ async function setPreviewContent(html) {
frame.classList.add("grow");
// DANGER! The next line is security critical for this extension!
// Without this sandbox, malicious feeds can trivially exploit us.
frame.sandbox = "allow-popups";
frame.sandbox = "allow-popups allow-popups-to-escape-sandbox";

const sheetUrl = chrome.extension.getURL("pages/reader/reader.css");
const response = await fetch(sheetUrl);
Expand Down

0 comments on commit 1bd0f69

Please sign in to comment.