Add allow-scripts on all browsers

Because we can't reliably detect Safari right now. CSP still prevents scripts from running.
zotero · Oct 16, 2023 · 5982f32 · 5982f32
1 parent 79a1cd3
commit 5982f32
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/src/dom/common/dom-view.tsx b/src/dom/common/dom-view.tsx
@@ -108,9 +108,12 @@ abstract class DOMView<State extends DOMViewState, Data> {
 		// unless the allow-scripts permission is added to the frame's sandbox. We prevent scripts in the frame from
 		// running via the CSP.
 		// https://bugs.webkit.org/show_bug.cgi?id=218086
-		if (isSafari) {
-			this._iframe.sandbox.add('allow-scripts');
-		}
+
+		// TEMP: Add allow-scripts on all browsers until we can reliably detect Safari on all platforms
+		// if (isSafari) {
+		this._iframe.sandbox.add('allow-scripts');
+		// }
+
 		// Set the CSP directly on the iframe; we also add it as a <meta> tag in the srcdoc for browsers that don't
 		// support the csp attribute (currently all browsers besides Chrome derivatives)
 		this._iframe.setAttribute('csp', this._getCSP());