Bugfix: workaround to inject content script on iframes with srcdoc and sandbox attributes #8921

Closed
mnholtz opened this issue Jul 24, 2024 · 3 comments · Fixed by #8922

mnholtz commented Jul 24, 2024

A bug was introduced in Chromium and included in the latest version of Chrome 127 that prevents the content script from loading in iframes with both the `srcdoc` and `sandbox` attributes set, e.g. `<iframe srcdoc="..." sandbox/>`. See Slack channel #bugfix-sandbox-iframes-chrome-update for more details.

The proposed workaround is programmatically removing the sandbox attribute and reloading the iframe to trigger content script injection. This strategy was discussed in the past regarding issues with sandboxed iframes, but a different approach was taken at the time.

Implementation sketch

  • Add some logic to content script initialization that will iterate over all iframes on the page
  • Remove the sandbox attr, if present, and reload the frame
@mnholtz mnholtz added the bug Something isn't working label Jul 24, 2024
@mnholtz mnholtz self-assigned this Jul 24, 2024
mnholtz added a commit that referenced this issue Jul 24, 2024
* add for loop in contentScriptCore to remove the sandbox attr and reload

* remove skip for related tests

* refactor extract logic into ensureSandboxSrcdocIframeInjection

* refactor use srcdoc and sandbox selector instead of if statement

* fix type error

* fix comment typo
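
The workaround from the implementation sketch above, written out as an added example (not the project's code). The function name, the `data-sandbox-removed` marker attribute and the use of re-setting `srcdoc` as the reload step are assumptions; the removed sandbox tokens are recorded so every frame that loses its sandbox can be logged.

```javascript
// Added example, not the project's implementation.
// Hypothetical marker attribute that keeps the tokens the frame used to have.
const MARK = "data-sandbox-removed";

// Accepts any Document-like object so it can be exercised outside a browser.
function reloadSandboxedSrcdocFrames(doc) {
  const changed = [];
  // Only frames carrying BOTH attributes are hit by the Chrome 127 regression.
  // Once sandbox is removed a frame no longer matches, so a second call is a
  // no-op and cannot cause a reload loop.
  for (const frame of doc.querySelectorAll("iframe[srcdoc][sandbox]")) {
    const tokens = (frame.getAttribute("sandbox") || "")
      .split(/\s+/)
      .filter(Boolean);
    const srcdoc = frame.getAttribute("srcdoc");

    // Record what was dropped: an unsandboxed srcdoc frame runs with the
    // embedding page's origin, so this change should be visible in logs.
    frame.setAttribute(MARK, tokens.join(" "));
    frame.removeAttribute("sandbox");

    // Sandbox flags are fixed when the frame navigates. Setting srcdoc again
    // (assumed reload step) navigates the frame so the new flags take effect.
    frame.setAttribute("srcdoc", srcdoc);

    changed.push({ frame, removedTokens: tokens });
  }
  return changed;
}

// In a content script this would run during initialization.
if (typeof document !== "undefined") {
  for (const { removedTokens } of reloadSandboxedSrcdocFrames(document)) {
    console.debug("sandbox removed from srcdoc iframe; tokens were:", removedTokens);
  }
}
```
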
@fungairino fungairino reopened this Jul 25, 2024

fungairino commented Jul 25, 2024

Re-opening to track addressing this issue with a less hacky fix using `"match_origin_as_fallback": true,` in our `manifest.json`

@fungairino

Referencing the proposed fix here:
https://issues.chromium.org/issues/355256366#comment4

I tried it out but it doesn't seem to work for us. Although it does seem to work in the minimum reproducible example shared in that same ticket.


mnholtz commented Jul 25, 2024

Closing in favor of #8927

@mnholtz mnholtz closed this as completed Jul 25, 2024