Skip to content
This repository was archived by the owner on Feb 16, 2021. It is now read-only.

IFrame security analysis pages #17

Merged
merged 3 commits into from
Dec 8, 2014
Merged

IFrame security analysis pages #17

merged 3 commits into from
Dec 8, 2014

Conversation

JamesMGreene
Copy link
Member

Created test pages to analyze iframe sandboxing and its impact on ZeroClipboard (a sandboxed iframe is not allowed to instantiate plugins).

This is why ZeroClipboard no longer works on JSFiddle, CodePen, etc. However, the analysis results illuminated at least one interesting possibility: both of those sites have their sandboxes setup such that they could be removed by the child frame and readded afterward (if readding it doesn't destroy plugin instances, that is). So, we can at least show those who want to use ZeroClipboard on JSFiddle/CodePen how to game the system and explain to them why it is necessary (boo, Flash Player).

Ref zeroclipboard/zeroclipboard#511

http://zeroclipboard.org/test-iframes.html (or locally, http://localhost:3000/test-iframes-local.html)

@JamesMGreene JamesMGreene merged commit e6a3a77 into zeroclipboard:gh-pages Dec 8, 2014
@JamesMGreene JamesMGreene deleted the iframe_test branch December 8, 2014 21:45
@JamesMGreene JamesMGreene restored the iframe_test branch December 8, 2014 21:45
@JamesMGreene
Copy link
Member Author

P.S. @jonrohan: This PR snuck Bootstrap into the site... but only on the iframe test pages 😉

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@JamesMGreene