Reputation: 34149
Is it possible to show a PDF using an object element inside a sandboxed iframe? For example, in JSFiddle the content is sandboxed and all the sandboxed attributes are allowed, but it's still not able to render a PDF:
<object data="https://www.w3.org/WAI/ER/tests/xhtml/testfiles/resources/pdf/dummy.pdf" class="mt-document-view" type="application/pdf">Image not found 2</object>
https://jsfiddle.net/4gpchL9z/
Upvotes: 1
Views: 772
Reputation: 149
PDFs do not display in sandboxed iframes, even with the most permissive options. The only way to display it would be to not set the sandbox attribute at all when the MIME type is application/pdf; that is what we ended up doing.
[edit] This is true for Chrome and all other browsers that use plugins for PDF rendering.
Modern browsers' PDF viewers are themselves heavily sandboxed by default. However, that will not give you a guarantee that malicious code won't still be executed by the browser's PDF viewer. I'm afraid there is no silver bullet here; it depends on your use case whether you want to take the risk or not.
Upvotes: 1
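The workaround described in the answer above, as an added example that is not part of the original post: the sandbox attribute is left off only for an exact application/pdf media type and kept for every other document. The function names, the sample sandbox token list and the assumption that the caller already knows the document's Content-Type are illustrative.

```javascript
// Sandbox tokens applied to every non-PDF document (constructed sample policy).
const DEFAULT_SANDBOX = "allow-scripts allow-forms";

// Reduce a Content-Type value to its bare, lowercased media type,
// e.g. "Application/PDF; qs=0.9" -> "application/pdf".
function normalizeMimeType(contentType) {
  if (typeof contentType !== "string") return "";
  return contentType.split(";")[0].trim().toLowerCase();
}

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Decide the iframe attributes for one document. The sandbox attribute is
// omitted only when the media type is exactly application/pdf; any other
// type, including a missing or unparseable one, stays sandboxed.
function iframeAttributesFor(url, contentType) {
  const attrs = { src: url };
  if (normalizeMimeType(contentType) !== "application/pdf") {
    attrs.sandbox = DEFAULT_SANDBOX;
  }
  return attrs;
}

// Serialize the attributes to markup. In a page, the same attributes can be
// applied with iframe.setAttribute(name, value) instead.
function renderIframe(url, contentType) {
  const attrs = iframeAttributesFor(url, contentType);
  const parts = Object.entries(attrs).map(
    ([name, value]) => `${name}="${escapeAttr(value)}"`
  );
  return `<iframe ${parts.join(" ")}></iframe>`;
}
```

The media type passed in should come from a source the embedding page controls, such as the stored upload metadata, rather than from the file extension in the URL.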