Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Blocked script execution in '<URL>' #2217

Closed
roughnecks opened this issue Dec 8, 2024 · 10 comments · Fixed by #2218
Closed

Blocked script execution in '<URL>' #2217

roughnecks opened this issue Dec 8, 2024 · 10 comments · Fixed by #2218
Assignees
@manuel-rw

Comments

@roughnecks
Copy link

Hello,

not sure if this came after latest security patch to homarr..
Blocked script execution in '<URL>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

I cannot click anything anymore inside an iframe (widget).

Thanks
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 8, 2024

Hi 👋. Thank you for submitting your first issue to Homarr. Please ensure that you've provided all nessesary information. You can use the three dots > Edit button to update your post with additional images and information. Depending on the current volume of requests, the team should get in conact with you shortly.

@Meierschlumpf
Copy link
Collaborator

Hey

Sorry for the inconvenience, we'll try to find a better long term solution in the coming week(s)

@manuel-rw manuel-rw pinned this issue Dec 8, 2024
@manuel-rw manuel-rw self-assigned this Dec 8, 2024
@manuel-rw
Copy link
Collaborator

I have developed a fix that I will push soon:
image
Sorry, we didn't plan on breaking JavaScript entirely. Personally, I wasn't aware that the sandbox property disables JavaScript also in the content itself.
Starting from 1.0, we will have automated testing in place to ensure that we make less regressions and mistakes.

@roughnecks
Copy link
Author

Thanks both 👍

@manuel-rw manuel-rw linked a pull request Dec 8, 2024 that will close this issue
fix: iframes javascript content #2218
Merged
@manuel-rw
Copy link
Collaborator

Can you check whether the issue has been resolved for you in the dev docker image? Testing on my side was successful.

@roughnecks
Copy link
Author

Can you check whether the issue has been resolved for you in the dev docker image? Testing on my side was successful.

any side-effect I might encounter doing that?
I'm running homarr as the public home of my lil project, you know..

@manuel-rw
Copy link
Collaborator

manuel-rw commented Dec 8, 2024
edited
Loading

There should be no side effects if you mounted your data correctly (see https://homarr.dev/docs/getting-started/installation#installation ). The image is virtually the same. We simply push changes to dev all the time but release only sporadically to latest whenever we want to release new features.
But as always, making backups is recommended - regardless of what you do.
Don't forget to go back to latest as soon as you're done. Alternatively, you can spin up a second instance with the dev image to reduce risk of downtime, ...

@lorddusk
Copy link

lorddusk commented Dec 8, 2024

Can confirm running :dev: makes it work again.

@manuel-rw
Copy link
Collaborator

Thank you, I will then prepare the release. Thanks for the help

@roughnecks
Copy link
Author

roughnecks commented Dec 8, 2024
edited
Loading

Works for me too (I just installed new release).

@Meierschlumpf Meierschlumpf unpinned this issue Jan 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@manuel-rw manuel-rw

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: iframes javascript content ajnart/homarr
4 participants
@lorddusk @roughnecks @manuel-rw @Meierschlumpf