javascript - iframe sandbox not loading foreign fonts
So I have a web app that contains an iframe that loads Bootstrap Glyphicons.

index.html iframes frame.html.

Glyphicons is a font of symbols that you can use instead of images. The benefit is that you can change the size without stretching, and you can change the color easily.

HTML5 allows you to import a font with CSS3.

Example:
```css
@font-face {
  font-family: 'glyphicons halflings';
  src: url('../fonts/glyphicons-halflings-regular.eot');
  src: url('../fonts/glyphicons-halflings-regular.eot?#iefix') format('embedded-opentype'),
       url('../fonts/glyphicons-halflings-regular.woff2') format('woff2'),
       url('../fonts/glyphicons-halflings-regular.woff') format('woff'),
       url('../fonts/glyphicons-halflings-regular.ttf') format('truetype'),
       url('../fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular') format('svg');
}
```
This works fine while the iframe src file is run on its own. The second I load it in an **iframe sandbox**, it fails.

This fails:

```html
<iframe src="frame.html" sandbox="allow-scripts"></iframe>
```

However, this works:

```html
<iframe src="frame.html" sandbox="allow-same-origin allow-scripts"></iframe>
```

`allow-same-origin` is a huge security risk for me.

Is there a white-list or black-list I can modify to allow fonts? There doesn't seem to be a sandbox property that allows it.

Any help is appreciated.
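
Added example, not part of the original post: a frame sandboxed without `allow-same-origin` runs in an opaque origin, so its `@font-face` requests are cross-origin, are sent with `Origin: null`, and load only if the font response carries a matching `Access-Control-Allow-Origin` header. The Node.js sketch below adds that header to font files only, so the sandbox can stay at `allow-scripts`. The function names, the `/fonts/` layout, the port and the `--serve` switch are assumptions.

```javascript
// Added example (not from the original post). Extensions are the ones in
// the question's @font-face rule; the /fonts/ layout is an assumption.
const FONT_TYPES = {
  '.eot': 'application/vnd.ms-fontobject',
  '.woff2': 'font/woff2',
  '.woff': 'font/woff',
  '.ttf': 'font/ttf',
  '.svg': 'image/svg+xml',
};

// Headers for a request path, or null if it is not a font under /fonts/.
function fontHeaders(url) {
  const path = url.split(/[?#]/)[0]; // drop "?#iefix"-style suffixes
  // One flat file name only: no "/" allowed, so "../" cannot escape /fonts/.
  const m = /^\/fonts\/[\w.-]+(\.[a-z0-9]+)$/i.exec(path);
  const type = m && FONT_TYPES[m[1].toLowerCase()];
  if (!type) return null;
  return {
    'Content-Type': type,
    // The sandboxed frame sends "Origin: null"; "*" satisfies the CORS
    // check, and only static font files are exposed this way.
    'Access-Control-Allow-Origin': '*',
  };
}

// Request handler; fs and root are injected so it can be tested offline.
function fontHandler(fs, root) {
  return (req, res) => {
    const headers = fontHeaders(req.url);
    if (!headers) { res.writeHead(404); return res.end(); }
    fs.readFile(root + req.url.split(/[?#]/)[0], (err, data) => {
      if (err) { res.writeHead(404); return res.end(); }
      res.writeHead(200, headers);
      res.end(data);
    });
  };
}

// Start only when asked: node fonts-server.js --serve
if (typeof require === 'function' && process.argv.includes('--serve')) {
  require('http').createServer(fontHandler(require('fs'), __dirname)).listen(8080);
}
```

Everything outside `/fonts/` gets no CORS header from this handler, so the sandboxed frame still cannot read other same-site resources.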