Why are links inside an iFrame opening in system safari?

Question

Between builds (I am unsure what changed to trigger this), an application went from the following behavior in iOS.

• A main webview loads index.html, and has an iframe that has many anchors in it
• Anchors would stay inside the iFrame unless otherwise manipulated and redirected with JavaScript that runs from index.html

To:

• A main webview loads index.html, and has an iframe that has many anchors in it
• Clicking any anchor inside of the iFrame or any action that triggers a location change results in the new page being loaded in the Safari App rather than inside the iFrame

I have the latest version of cordova-plugin-inappbrowser (1.3.0 at this time) installed, but that does not seem to be interfering with anything.

I have verified that I am still able to use JavaScript from index.html to change attributes about anchors inside the frame, as well as to add events.

I am using the following CSP:

<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval';">

I am unsure if that has something to do with it.

I've tried a number of iframe sandbox properties in an attempt to see what sticks, and none of them change outcome. Currently it's at:

<iframe id="the-iframe" sandbox="allow-scripts allow-modals allow-popups allow-popups-to-escape-sandbox allow-top-navigation allow-forms allow-same-origin"></iframe>

The src of the iframe is set dynamically.

I have opened up a bug report on cordova to see if this is potentially a bug rather than a feature.

Answer 1

I was facing this issue for a new application I'm working now, and it seems that is related with new whitelisting mode in Cordova iOS > 6. For us, I have made a workaround for allow navigation inside iframes (I can't be sure if it could generate any other problem, but for now we haven't seem anyone). In cordova project, at Private/Plugins/CDVUIWebViewEngine/CDVIntentAndNavigationFilter.m, we've just modified the shouldOverrideLoadWithRequest:navigationType: method, changing the behaviour when a navigation is requested via UIWebViewNavigationTypeLinkClicked.

With the new Cordova behaviour, in that case it stops navigation, and open it in system browser; I've commented that line ([[UIApplication sharedApplication] openURL:url]; ) and modified the return, to return YES; and with this two changes it is working as previous versions of cordova:

case UIWebViewNavigationTypeLinkClicked:
    // Note that the rejection strings will *only* print if
    // it's a link click (and url is not whitelisted by <allow-*>)
    if ([self.allowIntentsWhitelist URLIsAllowed:url logFailure:NO]) {
        // the url *is* in a <allow-intent> tag, push to the system
        //[[UIApplication sharedApplication] openURL:url];
        return YES;
    } else {
        [errorLogs addObject:[NSString stringWithFormat:allowIntents_whitelistRejectionFormatString, [url absoluteString]]];
    }

I think that this behaviour should be configurable from config.xml parameter, but for us this workaround is enough right now.