Sandboxed links, linking from cesium to page with javascript gives 'allow-scripts' error


Shane Thomas

Jul 14, 2016, 10:33:11 AM
to cesium-dev

I am trying to figure out how to get my entities (or kmls or any other geo footprint I might have) to open when a link is pressed.  

 

The idea here is that one could click on a warped section on the cesium JS map and it would open up a dialog there where you could click on the deep zoom viewer link, popping up a new window/tab to show the warped tile as a huge image you can scroll all around and get in really close etc.  So this is what I came up with:

(btw the deep image viewer is openseadragon)

 

 

 

    var entity3cesium = new Cesium.Entity();
    entity3cesium.name = 'entity3';
    entity3cesium.id = '3';
    entity3cesium.polygon = new Cesium.PolygonGraphics({
        hierarchy : Cesium.Cartesian3.fromDegreesArray([
            32.8333333333, 68.8863888889,
            32.6125, 69.1380555556,
            33.8158333333, 69.2675,
            34.0236111111, 69.0144444444,
        ]),
        material : '../../some.nitf_warped.png',
        outline : true,
        outlineColor : Cesium.Color.RED
    });

    // add link to pop up into open sea dragon, which uses code on that html file
    // to parse the link below and display the right deep zoom image.
    entity3cesium.description = '<a href=\"http://localhost:8000/static/openseadragon/deepzoomviewer.html?a=Folder&b=some.nitf.dzi\" target=\"_blank\">Deep Viewer Link</a>';

 

 

So this will put an entity on the map with a warped png file of it (I created using gdalwarped.  I wanted to use gdal2tiles but cannot get that to work right, I have another forum question on gdal2tiles and TMS stuff in another thread on here).  In either case, you click on the entity in cesium and it opens up this dialog to the right with the link there, you click on that and a new window does open but I get an error in the browser because of some JavaScript error:

 

Blocked script execution in 'http://localhost:8000/static/openseadragon/deepzoomviewer.html?a=Folder&b=some.nitf.dzi' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

 

No idea what causes this or how to resolve this.  The window that is opened up does have all the javascript code for the openseadragon dzi viewer.  The above link works if it is just to something like cnn.com or something.  Though I think how cesium sets up the link is what is causing the issue (having to do with frame and sandboxed?)  maybe not but I am grasping at straws so posting here.

Is there another preferred way to open a link from a clicked entity in cesiumjs that might work better?

 

 

Hannah Pinkos

Jul 14, 2016, 11:35:47 AM
to cesium-dev
Hello,

The infobox displays content in an iframe and disables running scripts by default for security concerns.  If you trust whatever scripts may be coming from your entity descriptions, you can enable scripts like this:

    var iframe = document.getElementsByClassName('cesium-infoBox-iframe')[0];
    iframe.setAttribute('sandbox', 'allow-same-origin allow-scripts allow-popups allow-forms');

Best,

Hannah

Shane Thomas

Jul 21, 2016, 3:43:17 PM
to cesium-dev
I missed this response, just found it and it works, thank you so much!  I do trust the descriptions because I am creating the entities myself and by hand.  Thank you!

lgsof...@gmail.com

Jan 6, 2017, 6:11:52 PM
to cesium-dev
Hannah,

In which file do I need to add this script code?

Is there any infobox js file?

In my main file where I have defined cesium it's not working.
For data I am using ajax...

Thanks

Hannah Pinkos

Jan 9, 2017, 8:32:17 AM
to cesium-dev, lgsof...@gmail.com
You can add this line after you've created var viewer = new Cesium.Viewer();

-Hannah

lgsof...@gmail.com

Jan 9, 2017, 1:09:13 PM
to cesium-dev, lgsof...@gmail.com
Thanks, Hannah.
You have always been a big help.

mehulpa...@gmail.com

Mar 3, 2017, 4:34:26 AM
to cesium-dev
home.php:1 Blocked script execution in 'http://localhost/database3/user/home.php' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

Dear sir, this error shows when I click in the infobox and open a new page, but the results are not good and show this error. Please help.

Thanks

Klaus Rheinwald

Mar 4, 2017, 1:52:16 AM
to cesium-dev, mehulpa...@gmail.com
Try

    var viewer = new Cesium.Viewer( options );

    $('.cesium-infoBox-iframe').attr('sandbox', 'allow-same-origin allow-scripts allow-popups allow-forms');  // if you use jQuery

    document.getElementsByClassName('cesium-infoBox-iframe')[0].setAttribute('sandbox', 'allow-same-origin allow-scripts allow-popups allow-forms');  // this should work in plain JS


This doesn't eliminate an initial error during initialization of the info-box (Hannah?), but it will allow links in the infobox.

@Hannah, is this worth an issue? IMHO, this should be done automatically during initialization of the iFrame.

HTH
Klaus

Hannah Pinkos

Mar 6, 2017, 8:40:13 AM
to cesium-dev, mehulpa...@gmail.com
Hello Klaus,

Thanks for helping out with that code sample!
We made a conscious decision to not set these attributes for security purposes.  Users may not always have control over the content being added to the infobox so we wanted to sandbox it to prevent malicious scripts from running automatically.

Best,

Hannah
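
Added example, not part of any post in this thread and not Cesium's own code: a narrower alternative to the `allow-scripts` snippets above, which lets a page opened from an infobox link run its own scripts via the standard `allow-popups-to-escape-sandbox` keyword while entity descriptions stay script-free. The function names and the `INFOBOX_DEFAULT` value are assumptions made for illustration; check the sandbox value your Cesium version actually sets.

```javascript
// Assumed default sandbox of the infobox iframe (verify against your Cesium version).
const INFOBOX_DEFAULT = 'allow-same-origin allow-popups allow-forms';

// Split a sandbox attribute value into a set of keywords.
function tokens(value) {
  return new Set(String(value || '').split(/\s+/).filter(Boolean));
}

// Report what a sandbox value permits, so a widened policy is a reviewed decision.
function auditSandbox(value) {
  const t = tokens(value);
  const findings = [];
  // Scripts embedded in entity descriptions will execute inside the frame.
  if (t.has('allow-scripts')) findings.push('scripts-run-in-frame');
  // Same-origin framed scripts can reach the parent and remove the sandbox.
  if (t.has('allow-scripts') && t.has('allow-same-origin')) findings.push('sandbox-escapable');
  // Pages opened from links inherit these restrictions, which is what produces
  // the "Blocked script execution ... 'allow-scripts'" error in the new tab.
  if (t.has('allow-popups') && !t.has('allow-popups-to-escape-sandbox')) {
    findings.push('popups-inherit-sandbox');
  }
  return findings;
}

// Let opened pages run unsandboxed without enabling scripts in the infobox itself.
function relaxForLinkedViewer(current) {
  const t = tokens(current);
  t.add('allow-popups');
  t.add('allow-popups-to-escape-sandbox');
  return Array.from(t).join(' ');
}

// Apply to the infobox frame; call after `new Cesium.Viewer(...)` has built the DOM.
function applyToInfoBox(doc) {
  const frame = doc.getElementsByClassName('cesium-infoBox-iframe')[0];
  if (!frame) return null;
  const value = relaxForLinkedViewer(frame.getAttribute('sandbox'));
  frame.setAttribute('sandbox', value);
  return value;
}

if (typeof document !== 'undefined') applyToInfoBox(document);
```
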