Please set allow-popups-to-escape-sandbox

Hi,

We are using a custom app for Freshdesk to automatically display links to our own admin interface via the ticket_sidebar interface extension.

The Freshdesk code is using an iframe with sandbox="allow-scripts allow-forms allow-same-origin allow-popups allow-modals allow-downloads" to display the interface extension.

The issue that we see is that when a user clicks the link to our own admin interface, the new browser window inherits the sandbox setting, which disrupts certain functionality of our admin interface.

Could you please add allow-popups-to-escape-sandbox to the sandbox attribute to resolve this issue? There should be no security downside in doing so. See <iframe>: The Inline Frame element - HTML: HyperText Markup Language | MDN

Thank you!

Best
Richard

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.