[PM-1407] Improve iframe sandbox detection (#5976)

* improve iframe sandbox detection * code cleanup Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com> * update autofill v1 logic as well --------- Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>
2 years ago · 42193aecb8
2 changed files with 19 additions and 3 deletions
--- a/apps/browser/src/autofill/content/autofill.js
+++ b/apps/browser/src/autofill/content/autofill.js
@ -768,8 +768,16 @@
				@@ -768,8 +768,16 @@

      // Detect if within an iframe, and the iframe is sandboxed
      function isSandboxed() {
-          // self.origin is 'null' if inside a frame with sandboxed csp or iframe tag
-          return self.origin == null || self.origin === 'null';
+        // self.origin is 'null' if inside a frame with sandboxed csp or iframe tag
+        if (String(self.origin).toLowerCase() === "null") {
+          return true;
+        }
+
+        if (window.frameElement?.hasAttribute("sandbox")) {
+          return true;
+        }
+
+        return location.hostname === "";
      }

      function doFill(fillScript) {
--- a/apps/browser/src/autofill/content/autofillv2.ts
+++ b/apps/browser/src/autofill/content/autofillv2.ts
@ -849,7 +849,15 @@ function fill(document: Document, fillScript: AutofillScript) {
				@@ -849,7 +849,15 @@ function fill(document: Document, fillScript: AutofillScript) {
  // Detect if within an iframe, and the iframe is sandboxed
  function isSandboxed() {
    // self.origin is 'null' if inside a frame with sandboxed csp or iframe tag
-    return self.origin == null || self.origin === "null";
+    if (String(self.origin).toLowerCase() === "null") {
+      return true;
+    }
+
+    if (window.frameElement?.hasAttribute("sandbox")) {
+      return true;
+    }
+
+    return location.hostname === "";
  }

  function doFill(fillScript: AutofillScript) {