Is it possible to use the Twitter widget inside an iframe in sandbox mode?


#1

Hi all,

Is it possible to use the Twitter widget inside an iframe in sandbox mode?

Actually we’re trying to use the following script (called “twitter.html”) inside an iframe in sandbox mode and we’re getting an error.

<a class="twitter-timeline" target="_blank" href="https://twitter.com/XXX" data-widget-id="XXX" data-chrome="noheader nofooter noborders" width="100%" height="350">Tweets von XXX</a>
<script>
!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+"://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");
</script>

The iFrame code is

<iframe sandbox="allow-scripts" src="http://localhost:8080/cdn/twitter.html">
</iframe>

If we use the iframe with the parameter “allow-same-origin”, it is working.

<iframe sandbox="allow-scripts allow-same-origin" src="http://localhost:8080/cdn/twitter.html">
</iframe>

But the problem then is that the JS is able to manipulate the parent site, which is not allowed in our company.

Do you have any solutions or hints on how we have to implement the script securely?

Best regards and many thanks
Mario
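
An added example, not part of the original post and not Twitter's code: it models how the two sandbox tokens from the post combine with the frame's origin to decide whether framed script can reach the parent. The parent URL and the `widgets.example.test` host are constructed assumptions, and `auditFrame` is a hypothetical helper name.

```javascript
// Added example. PARENT and the widgets.example.test host are constructed;
// the post only gives the framed URL http://localhost:8080/cdn/twitter.html.
const PARENT = "http://localhost:8080/index.html";

// sandbox: the attribute value as a string, or null when the attribute is absent.
function auditFrame(parentUrl, frameUrl, sandbox) {
  const tokens = sandbox === null
    ? null
    : new Set(sandbox.toLowerCase().split(/\s+/).filter(Boolean));
  const scriptsRun = tokens === null || tokens.has("allow-scripts");
  // Without allow-same-origin a sandboxed document gets a unique opaque origin.
  const opaque = tokens !== null && !tokens.has("allow-same-origin");
  const origin = opaque ? "opaque" : new URL(frameUrl).origin;
  const sameAsParent = !opaque && origin === new URL(parentUrl).origin;
  return {
    scriptsRun,
    origin,
    // In an opaque origin, document.cookie and localStorage throw SecurityError.
    storageBlocked: opaque,
    // Direct DOM access to the parent needs running script and a matching origin.
    canScriptParent: scriptsRun && sameAsParent,
    // With that access the framed script can also remove the sandbox
    // attribute from its own iframe element and reload itself unsandboxed.
    sandboxIneffective: tokens !== null && scriptsRun && sameAsParent,
  };
}

const cases = [
  ["post, first iframe", "http://localhost:8080/cdn/twitter.html",
    "allow-scripts"],
  ["post, second iframe", "http://localhost:8080/cdn/twitter.html",
    "allow-scripts allow-same-origin"],
  ["separate origin (constructed)", "https://widgets.example.test/twitter.html",
    "allow-scripts allow-same-origin"],
];
for (const [label, url, sandbox] of cases) {
  console.log(label, auditFrame(PARENT, url, sandbox));
}
```

In the third case the frame keeps its own origin, so the sandbox does not block its storage, while the same-origin policy keeps its script out of the parent DOM.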

