Menu
I have gone through other similar issues to solve this particular issue, but somehow in this case all the solutions are not working.
So here is my the question with example snippet:
I have an html file which looks like this:
<div id="portalRight">
<a target="_blank" href="http://ictforu.com"> <!-- this link works , it opens up another tab -->
<ul id="subtabnav">
<li class="datasetTab">
<a href="#">dataset</a> <!-- Click on this will trigger the dataset iframe to be loaded thru a servlet call -->
</li>
<li class="obsGraphTab" data-bind="css: { disabled: !aekos.subTabViewModel.graphTabsEnabled() }">
<a href="#">Observation Graph</a>
</li>
.....
</ul>
<div id="dataset">
<iframe id="dataset-frame" class="graphiframe" seamless sandbox="allow-same-origin allow-scripts"></iframe>
</div>
<div id="testViewer">
<iframe id="test-viewer-frame" class="graphiframe" seamless sandbox="allow-same-origin allow-scripts"></iframe>
</div>
</div>
As you can see my iframe isn't a popup but appears under a div element: iframe contents are filled using a servlet when the link is clicked.
My iframe has base tags (base target="_parent")under header of the iframe.
I have used <base> tag to specify the behaviour and also link has target="_blank", but my links doesn't work at all.
Same link works outside the iframe.
example iframe :
base target="_parent" /base
body content:
a target="_blank" href="http://ictforu.com" /a
this link doesn't work, clicks are ignored.
Any help is much appreciated.
Sorry had some editing issues with the html tags earlier.
Thanks, Madhu
568
Iframe popup plugin was specially developed to display any web page in the popup window using web URL. It uses fancy box to display popup in iframe.
You have to check for HTTP response header X-Frame-Option of those sites. if its value is "DENY or SAMEORIGIN", then you can not load those website in the iframes. DENY = No one can load the website in iframe. Even the same domain page wont be able to load.
To embed an iframe in a content page, select Interactive layout, choose the HTML block and paste the iframe code there. You can adjust the iframe width and height properties. To embed an iframe using the Old (Classic) editor, click on the Embed Media icon and paste the code in the appropriate field.
By adding target="_blank" to the anchor, it will open it in a new tab. By adding target="_parent" to the anchor, it will open it up in the same window like a normal link.
I can't really explain the 'why' cause don't know much about the sandbox attribute of the iframe, but the link opened in a new tab just fine for me when I removed that attribute.
edit:
Looking into it a little more, it seems that you can add the attribute "allow-top-navigation" and then change the link to 'target=_parent' and that works, but it still will not work if you leave the target=_blank
Here is a little bit of documentation from the mozilla site
sandbox HTML5 only
If specified as an empty string, this attribute enables extra restrictions on the content that can appear in the inline frame. The value of the attribute can be a space-separated list of tokens that lift particular restrictions. Valid tokens are:
allow-same-origin: Allows the content to be treated as being from its normal origin. If this keyword is not used, the embedded content is treated as being from a unique origin.allow-top-navigation: Allows the embedded browsing context to navigate (load) content to the top-level browsing context. If this keyword is not used, this operation is not allowed.allow-forms: Allows the embedded browsing context to submit forms. If this keyword is not used, this operation is not allowed.allow-scripts: Allows the embedded browsing context to run scripts (but not create pop-up windows). If this keyword is not used, this operation is not allowed.Note:
allow-scripts and allow-same-origin at the same time, as that allows the embedded document to programmatically remove the sandbox attribute. Although it is accepted, this case is no more secure than not using the sandbox attribute.iframe. It is recommended that such content should be served from a separate dedicated domain, to limit the potential damage.There isn't much more there, but here's the link
170
Sandbox gives you control to set needed permissions instead of opening up everything. Here with your need to set permission,"allow-scripts allow-popups". it will work fine. make sure you remove the configurations according to the situation.
<iframe sandbox="allow-same-origin allow-scripts allow-popups allow-forms"
src="your_url"></iframe>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
