Sandboxed links, linking from cesium to page with javascript gives 'allow-scripts' error

Shane_Thomas · July 14, 2016, 2:33pm

I am trying to figure out how to get my entities (or kmls or
any other geo footprint i might have) to open when a link is pressed.

The idea here is that one could click on a warped section on
the cesium JS map and it would open up a dialog there where you could click on
the deep zoom viewer link, popping up a new window/tab to show the warped tile
as a huge image you can scroll all around and get in really close etc. So
this is what I came up with:

(btw the deep image viewer is openseadragon)

hannah · July 14, 2016, 3:35pm

Hello,

The infobox displays content in an iframe and disables running scripts by default for security concerns. If you trust whatever scripts may be coming from your entity descriptions, you can enable scripts like this:

var iframe = document.getElementsByClassName(‘cesium-infoBox-iframe’)[0];
iframe.setAttribute(‘sandbox’, ‘allow-same-origin allow-scripts allow-popups allow-forms’);

Best,

Hannah

Shane_Thomas · July 21, 2016, 7:43pm

I missed this response, just found it and it works thank you so much! I do trust the descriptions cause I am creating the entities myself and by hand. Thank you!

lgsoftwares · January 6, 2017, 11:11pm

Hannah,

In which file i need to add this script code ?

is there any infobox js file ?

In my main file where i have defined cesium its not working.
For data i am using ajax...

Thanks

hannah · January 9, 2017, 1:32pm

You can add this line after you’ve created var viewer = new Cesium.Viewer();

-Hannah

lgsoftwares · January 9, 2017, 6:09pm

Thanks, Hannah.
You have always been a big help.

mehulpatidar901 · March 3, 2017, 9:34am

home.php:1 Blocked script execution in ‘http://localhost/database3/user/home.php’ because the document’s frame is sandboxed and the ‘allow-scripts’ permission is not set.

dear sir these error show in my click to infobox and open new page but result are not good and show these error please help.

thanks

Klaus_Rheinwald1 · March 4, 2017, 6:52am

Try

var viewer = new Cesium.Viewer( options );

$(’.cesium-infoBox-iframe’).attr(‘sandbox’, ‘allow-same-origin allow-scripts allow-popups allow-forms’); // if you use jQuery

document.getElementsByClassName('cesium-infoBox-iframe)[0].setAttribute(‘sandbox’, ‘allow-same-origin allow-scripts allow-popups allow-forms’); // this should work in plain JS

This doesn’t eliminate an initial error during initilaization of the info-box (Hannah?), but it will allow links in the infobox.

@Hanna, is this worth an issue? IMHO, this should be done automatically during iniitialization of the iFrame.

HTH

Klaus

hannah · March 6, 2017, 1:40pm

Hello Klaus,

Thanks for helping out with that code sample!

We made a conscious decision to not set these attributes for security purposes. Users may not always have control over the content being added to the infobox so we wanted to sandbox it to prevent malicious scripts from running automatically.

Best,

Hannah