Blocked script execution error when embedding <iframe> in CesiumJS InfoBox (version 1.131.0)

Muhammad_Nizar · September 10, 2025, 2:55am

Hello,

I’m developing a digital twin application using CesiumJS and I’m facing a persistent issue with the InfoBox security. I’m trying to display external content within the InfoBox using an <iframe>, but I keep getting the following error in the console:

Blocked script execution in '...' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

Context Details:

CesiumJS Version: 1.131.0
Goal: Display content from an external URL (e.g., a dashboard or a YouTube video) inside an InfoBox that appears when a pin is clicked.
Implementation: I am creating an entity (pin) and setting its description property with HTML that contains an <iframe>.

Attempts to Fix: I have tried several solutions based on the documentation and community discussions, but none have worked:

Cesium.Viewer Configuration: I added an infoBox property to the viewer configuration to explicitly allow scripts.

JavaScript

const viewer = new Cesium.Viewer('cesiumContainer', {
    infoBox: {
        sanitize: false,
        sandbox: "allow-scripts allow-same-origin allow-popups"
    },
    // ... other configurations
});

This did not resolve the issue.

Adding the sandbox Attribute Directly to the <iframe>: I tried adding the sandbox="allow-scripts allow-same-origin allow-popups" attribute directly to the <iframe> tag within the HTML string for the entity’s description.

HTML
```
<iframe src="..." sandbox="allow-scripts allow-same-origin allow-popups"></iframe>
```
This solution also did not work, which leads me to suspect that the main InfoBox iframe itself is blocking the scripts, not the iframe I created.

My Questions:

Is there a definitive way to configure the InfoBox so that an embedded iframe can run scripts correctly? Is there a configuration change or a method I might be missing? Are there any other security limitations of Cesium or modern browsers that I should be aware of?

I would greatly appreciate any advice or solutions from the community. Thank you very much!

mzschwartz5 · September 11, 2025, 4:19pm

Hi @Muhammad_Nizar,

I’m still not entirely sure what you’re trying to achieve but why do you need to use an <iframe> with the InfoBox? Here’s a sandcastle example that modifies the InfoBox simply to display external content, as you seem to want to do.

Alternatively, you could always define your own UI element if InfoBox is too restrictive. The @cesium/widgets package is mostly intended to be for fast start-up, but you’re welcome to design your own UI components.

Side note: I don’t see any sanitize or sandbox fields in the InfoBox (or InfoBoxViewModel) docs, so I think those fields aren’t doing anything at all.

Best,
Matt

antigrav_kids · September 16, 2025, 2:08pm

@mzschwartz5 , your sandcastle link links back to this post.

Best Rgards,

Hamilton Carter

mzschwartz5 · September 16, 2025, 3:36pm

Whoops, sorry about that. This link should point to the right place.

Topic		Replies	Views
Can't run scripts in infobox CesiumJS	10	4045	December 22, 2021
cesium 1.7.1 infobox CesiumJS	5	728	March 31, 2015
Replacing the infoBox CesiumJS	7	2346	September 20, 2017
Sandboxed links, linking from cesium to page with javascript gives 'allow-scripts' error CesiumJS	8	1651	March 6, 2017
How to set "Allow scripts" permissions? CesiumJS	3	14652	December 19, 2023

Blocked script execution error when embedding <iframe> in CesiumJS InfoBox (version 1.131.0)

Related topics