Added sandbox attribute to Safe App iframe (#1252)

* Added sandbox attribute to Safe App iframe * added allow-popups-to-escape-sandbox
safe-global · Nov 29, 2022 · d982bf6 · d982bf6
1 parent f1fd212
commit d982bf6
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/components/safe-apps/AppFrame/index.tsx b/src/components/safe-apps/AppFrame/index.tsx
@@ -46,6 +46,10 @@ type AppFrameProps = {
   allowedFeaturesList: string
 }
 
+// see sandbox mdn docs for more details https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-sandbox
+const IFRAME_SANDBOX_ALLOWED_FEATURES =
+  'allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-forms allow-downloads allow-orientation-lock'
+
 const AppFrame = ({ appUrl, allowedFeaturesList }: AppFrameProps): ReactElement => {
   const chainId = useChainId()
   const [txModalState, openTxModal, closeTxModal] = useTxModal()
@@ -219,6 +223,7 @@ const AppFrame = ({ appUrl, allowedFeaturesList }: AppFrameProps): ReactElement
           src={appUrl}
           title={safeAppFromManifest?.name}
           onLoad={onIframeLoad}
+          sandbox={IFRAME_SANDBOX_ALLOWED_FEATURES}
           allow={allowedFeaturesList}
           style={{
             display: appIsLoading ? 'none' : 'block',