Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add sandbox attribute to YouTube and Vimeo player #4566

Closed
compulim opened this issue Dec 12, 2022 · 0 comments · Fixed by #4567
Closed

Add sandbox attribute to YouTube and Vimeo player #4566

compulim opened this issue Dec 12, 2022 · 0 comments · Fixed by #4567
Labels
bug Indicates an unexpected problem or an unintended behavior.
Milestone
imminent

Comments

@compulim
Copy link
Contributor

Is it an issue related to Adaptive Cards?

No

Is this an accessibility issue?

No

What version of Web Chat are you using?

Latest production

Which distribution are you using Web Chat from?

Bundle (webchat.js)

Which hosting environment does this issue primarily affect?

Web apps

Which browsers and platforms do the issue happened?

No response

Which area does this issue affect?

Others or unrelated

What is the public URL for the website?

No response

Please describe the bug

We should add sandbox="allow-same-origin allow-scripts" to the YouTube IFRAME video player and Vimeo IFRAME video player.

So, they should appear as <iframe sandbox="allow-same-origin allow-scripts">.

Do you see any errors in console log?

No response

How to reproduce the issue?

  1. Navigate to https://compulim.github.io/webchat-loader/
  2. Type and send "video youtube" and "video vimeo"

What do you expect?

The <iframe> element should have sandbox="allow-same-origin allow-scripts" attribute.

What actually happened?

The <iframe> element does not have sandbox attribute.

Do you have any screenshots or recordings to repro the issue?

image

Adaptive Card JSON

No response

Additional context

No response
@compulim compulim added bug Indicates an unexpected problem or an unintended behavior. customer-reported Required for internal Azure reporting. Do not delete. Bot Services Required for internal Azure reporting. Do not delete. Do not change color. labels Dec 12, 2022
@compulim compulim mentioned this issue Dec 12, 2022
Merged
11 tasks
@compulim compulim removed customer-reported Required for internal Azure reporting. Do not delete. Bot Services Required for internal Azure reporting. Do not delete. Do not change color. labels Dec 12, 2022
@compulim compulim added this to the imminent milestone Dec 13, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Indicates an unexpected problem or an unintended behavior.
Projects
None yet
Milestone
imminent
Development

Successfully merging a pull request may close this issue.

Add sandbox attribute to YouTube and Vimeo IFRAME video player microsoft/BotFramework-WebChat
1 participant
@compulim