Will the iframe sandbox code and cookies away from my tiddlywiki?

[Sapphireslinger]

For instance the "please accept our cookies" still pops up within the iframe when I iframe a webpage into my (private) Tiddlywiki.

(I can set the iframe height long enough that I won't see the cookie pop-up to be inconvenienced by it, because it is perpetually below the bottom of the screen until I reach the end of the article. Just have to be careful to scroll-to-read WITHIN the iframe and never scroll-to-read OUTSIDE the iframe and this works.)

But what would happen if I accidentally clicked the "accept cookies" pop-up within the iframe? Would it embed cookies into my Tiddlywiki? Or would it only accept the cookies into the (Firefox) browser running my Tiddlywiki?

[Javier Eduardo Rojas Romero]

On Mon, Mar 29, 2021 at 07:13:28PM -0700, Sapphireslinger wrote:
> But what would happen if I accidentally clicked the "accept cookies" pop-up

> within the iframe? *Would it embed cookies into my Tiddlywiki? *Or would it

> only accept the cookies into the (Firefox) browser running my Tiddlywiki?

I ... don't entirely grok what you're doing... but, regarding cookies,
they won't end up in tiddlywiki and will not modify it in any way; they
will be stored by your browser.

Cheers,

[Sapphireslinger]

Thank you. Very reassuring.

[Eric Shulman]

On Monday, March 29, 2021 at 7:13:28 PM UTC-7 Sapphireslinger wrote:

But what would happen if I accidentally clicked the "accept cookies" pop-up within the iframe? Would it embed cookies into my Tiddlywiki? Or would it only accept the cookies into the (Firefox) browser running my Tiddlywiki?

Any cookies would be saved in your browser and would be associated with the URL displayed in the iframe... NOT the URL or filepath of the TiddlyWiki document.

-e

[Jeremy Ruston]

Modern browsers have evolved their handling of cookies for websites displayed iniframes. Nowadays, they mostly use a separate "cookie jar" (set of cookies) not just for each website, but also for each website within which it is hosted in an iframe. It's designed to circumvent tracking technologies. The upshot is that you may well need to separately clear cookies for the page in its embedded form to when you're viewing it as a top level page.

Best wishes

Jeremy

--

Jeremy Ruston

jer...@jermolene.com

https://jermolene.com

On 30 Mar 2021, at 08:11, Eric Shulman <elsd...@gmail.com> wrote:



--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/a91059da-b2a0-4812-a816-3e5af46d49b1n%40googlegroups.com.

[Javier Eduardo Rojas Romero]

Now that I had a bit of sleep, I realized that I misread the subject of
your initial email; I didn't notice you used "sandbox" as a verb, and I
got confused. Whoopsie, sorry.

So, yes, embedding another web page as an iframe in your tiddlywiki will
do the following for you, by default:

* Forbid the embedded page any access/manipulation of your tiddlywiki
(iframes cannot access the DOM of their parent unless they are part
of the same website, which is not your case)

* Forbid execution of code in that embedded page (by default iframes
are not allowed to run scripts/code)

Since you are embedding a page that has a video in it, that will most
likely require you to allow the iframe to run code; that restriction
can be lifted with <iframe sandbox="allow-scripts"> ; see
https://developer.mozilla.org/en-Us/docs/Web/HTML/Element/iframe#attr-sandbox
for the details.

> --
> You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.

> To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/2405760c-eca5-4eb2-ad66-aef1977b7fe3n%40googlegroups.com.