Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Incremental Editing #13

Open
ElizabethHudnott opened this issue Jun 17, 2018 · 0 comments
Open

Support Incremental Editing #13

ElizabethHudnott opened this issue Jun 17, 2018 · 0 comments
Labels
feature New feature or request
Milestone
v1.1

Comments

@ElizabethHudnott
Copy link
Owner

ElizabethHudnott commented Jun 17, 2018
edited
Loading

This would require a toggle button in the preview tab to enable/disable user scripting.

Modifying individual elements of the iframe's DOM requires relaxing the sandbox to make it same-origin, but this requires using a Content Security Policy (in a meta tag) to prevent user-written JavaScript from executing. User-written CSS would also need to be sanitized to remove url('javascript:...

https://developers.google.com/web/fundamentals/security/csp/
https://www.w3.org/TR/CSP3/
@ElizabethHudnott ElizabethHudnott added the feature New feature or request label Jun 17, 2018
@ElizabethHudnott ElizabethHudnott added this to the v1.1 milestone Jun 17, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature New feature or request
Projects
None yet
Milestone
v1.1
Development

No branches or pull requests
1 participant
@ElizabethHudnott