mirrors/forgejo
1
1
Fork 1
mirror of https://codeberg.org/forgejo/forgejo synced 2025-09-17 05:02:56 +02:00
Code Issues Projects Releases Packages Wiki Activity
forgejo/web_src/js/markup/content.js
Bojidar Marinov 81d90e1b0d fix: Fix invisible iframes with RENDER_CONTENT_MODE=iframe (#8378) 
b01dce2a6e added support for `RENDER_CONTENT_MODE=iframe` which used `onload="this.height=this.contentWindow.document.documentElement.scrollHeight"` to set the height of the iframe to the height of the embedded document.
Unfortunately, while this might have worked at some point, with `sandbox="allow-scripts"`, the document embedded in the iframe is counted as a cross-origin document, and browsers prevent any access to cross-origin documents.
[The solution](https://stackoverflow.com/questions/8223239/how-to-get-height-of-iframe-cross-domain) is to instead use `window.postMessage` to pass the height from the embedded document back to the embedding page.
Would appreciate a review of the privacy implications of this change—I feel it's probably "okay", but I'm not convinced my analysis is perfect.

Resolves #7586

Manual test:

1. Add the following snippet to your `app.ini`:
```ini
[markup.html]
ENABLED = true
FILE_EXTENSIONS = .html
RENDER_COMMAND = cat
RENDER_CONTENT_MODE = iframe
NEED_POSTPROCESS = false
```
2. Create a file in a repository with the name `test.html` and with the following contents:
```html
<!DOCTYPE html>

<html lang="en">
<head>
<meta charset="utf-8"/>
</head>
<body>
Hi from iframe!
Here is a random number: <script>document.write(Math.random())</script>.
</body>
</html>
```
3. Go to the file.
4. Observe the HTML is rendered and that the height is not larger than it needs to be (38 pixels).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8378
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Bojidar Marinov <bojidar.marinov.bg@gmail.com>
Co-committed-by: Bojidar Marinov <bojidar.marinov.bg@gmail.com>
2025-09-06 16:23:01 +02:00

20 lines
552 B
JavaScript
Raw Permalink Blame History

import {renderMermaid} from './mermaid.js';
import {renderMath} from './math.js';
import {renderCodeCopy} from './codecopy.js';
import {renderAsciicast} from './asciicast.js';
import {renderExternal} from './external.js';
import {initMarkupTasklist} from './tasklist.js';
// code that runs for all markup content
export function initMarkupContent() {
renderMermaid();
renderMath();
renderCodeCopy();
renderAsciicast();
renderExternal();
}
// code that only runs for comments
export function initCommentContent() {
initMarkupTasklist();
}
Reference in a new issue View git blame Copy permalink