Awesome! Thanks :) On Thursday, 23 March 2017 21:30:20 UTC+5:30, Kevin Reid wrote: > > On Thu, Mar 23, 2017 at 1:49 AM, Tapan Anand <[email protected] > <javascript:>> wrote: > >> Does caja support the src attribute of iframe? I see the iframe tag >> whitelisted in the whitelist file (html4-elements-whitelist.json) but when >> I try to run the code that I have shared in this plunker: >> https://plnkr.co/edit/dQoxqpZBGTUNe0k1W8QM >> The childPage is not fetched at all. >> ... >> I just wanted to make sure that Caja does sanitize all content written >> into the iframe using document.write? >> > > Yes, that is all correct. Caja does not implement loading iframe src, but > the guest code can create an iframe and manipulate it using document.write > or DOM operations, and it is sandboxed just as the outer document is. > >
-- --- You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
