Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New to the CF scene
    Join Date
    Jan 2012
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    How to show external page in iframe sans Javascript in Firefox?

    I'm trying to load an external site in an iframe for my Firefox visitors. The external page is loaded with javascript, and I would like this to be stripped out. For Chrome, the HTML5 sandbox="" works perfectly, and with IE the security="restricted" does the job just fine. With Firefox, I'm struggling.

    I've been using the CSP policy directive as described here, but I can't seem to get the right configuration. The following line will load the page, but the javascript on the external site still loads.
    PHP Code:
    header("X-Content-Security-Policy: allow 'self'; object-src 'self'; script-src 'self'; frame-src *.externalsite.com; img-src 'self'"); 
    I've tried dozens of other configurations and seem to have hit a brick wall. Will this work with the CSP directive? Should I look somewhere else to allow an external site to load in an iframe sans javascript in Firefox? Is this even possible in Firefox?

  • #2
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,462
    Thanks
    0
    Thanked 633 Times in 623 Posts
    The options for disabling JavaScript like that are still very new and so not all browsers currently have a way that works.

    One thing that all of the browsers do implement is that whatever page that is loaded in the iframe will not be able to have its JavaScript communicate with anything outside of the iframe unless the page is loaded from the same domain as the main page OR both sites have JavaScript that implements postMessage calls specifically to pass data between them (which you certainly are not going to be implementing on your page). So even if you don't manage to disable the scripts in the loaded page they will still be greatly limited in what they can do.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #3
    New to the CF scene
    Join Date
    Jan 2012
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for your reply felgall. I've been using a php proxy script that loads the page first, strips the javascript, and then displays it in the iframe. I'd really like to not do that, but it seems like with Firefox I'll be stuck until they add in sandbox support.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •