How to set "Allow scripts" permissions?


Im totally stuck on this issue and theres nothing online that can show me the way here.

Basically Ive created a link thats resides inside my infobox, this link is another html page in my home directory that contains some linking scripts to the three.js framework and displays an animated three.js object. For some reason though it wont display the three.js object instead gives me the error below:

Blocked script execution in “URL” because the document’s frame is sandboxed and the ‘allow-scripts’ permission is not set.

Im really banging my head against a wall on this one as its stopping me from progressing on a particular project that will make or break the need to use Cesium in the future. Ive tried ChatGPT which comes up with some good suggestions regarding an iframe and setting “allow scripts” in the body tag etc but it doesnt work.


Hi @Aikiman,

I believe this is the issue you’re running into: script tags do not work in entity descriptions · Issue #5147 · CesiumGS/cesium · GitHub

There hasn’t been any work done on that issue, but we would happily review a PR if you have the bandwidth to tackle it. :smiley:


Thanks for chiming in. In my case Im not executing any scripts in the descriptions HTML which is a little confusing but the only workaround I have found is to create your own custom div “infobox”, and control the UI via javascript. This bypasses Cesiums own infobox which come with restrictions to prevent malicious software Ive read.


I found this work around:

We simply documented it in our app so users right click and open in new window to open the links. I agree that it is clunky though. I followed the original link and it looks like someone pushed a resolution back in 2018, but the PR was refused by Cesium staff:

“thanks for all the work you put into this @YonatanKra, but I don’t think this is a change we want to take. The settings we have on the InfoBox are for security reasons, and we want to disable them.”

Is this still the cesium’s position in 2023? It seems to me a very reasonable thing to make this user configurable so an end user of cesium can overide those security settings…

Thanks again for the contribution!