Textpattern CMS support forum
Re: Dialog vertical positioning changes ?
Oleg.
I’m sorry, but your previous commit was much better: latest one causes lots of problems with some CORS rules…
Patrick.
Github | CodePen | Codier | Simplr theme | Wait Me: a maintenance theme | [\a mi.ni.ma]: a “Low Tech” simple Blog theme.
Re: Dialog vertical positioning changes ?
etc wrote #338492:
That’s what I thought, but failed to get it working. I’ll have to wait until they land in Sandspace.
I don’t think I would implement a spinner that way, personally. At the moment I am more inclined to put some fixed width spinner in the top left corner.
(after checking the whole thing with a couple of different devices)
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg
Re: Dialog vertical positioning changes ?
etc wrote #338495:
It actually sanitizes the front-end view too, so ‘hiding’ it behind the dialog can be problematic. But front-end sanitizing is probably an overkill, feedback welcome.
View is static (saved data) and previews are live.
In order to make that preview iframe marginally useful: is it possible to, please please, to at least have an option to permanently disable that sanitising thing in the iframe – not blocking, not blocking webfonts, and in Safari not blocking stylesheets. Thank you.
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg
Re: Dialog vertical positioning changes ?
Pat64 wrote #338497:
I’m sorry, but your previous commit was much better: latest one causes lots of problems with some CORS rules…
Details might help. The preview seems to degrade gracefully on the demo site, even if some fonts are blocked.
phiw13 wrote #338499:
In order to make that preview iframe marginally useful: is it possible to, please please, to at least have an option to permanently disable that sanitising thing in the iframe – not blocking, not blocking webfonts, and in Safari not blocking stylesheets. Thank you.
I really really don’t want such a permanent pref (unless you let me call it Hackers Open Bar). One day you don’t pay attention and voilà. In body/excerpt previews you can at least analyse potentially unsafe content, but analysing the whole page is meaningless. I would even forbid unsandboxing it at all, but you seem to say stylesheets are blocked in Safari (which is weird), need to investigate.
Please keep in mind that preview frame is for the content, not for the style, so develop your public themes accordingly.
It looks like credentialless iframe might be ideal, but it is not widely implemented yet.
Re: Dialog vertical positioning changes ?
Oleg,
Thank you for this. That makes the iframe more useful for me, at the cost of one extra click.
Note:
- situation1: sole owner/editor/author/designer of a website (but I am sure my cat accesses the website…)
- situation2: small organisation with 2~4 (occasional) users.
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg
Re: Dialog vertical positioning changes ?
Thank you a lot, Oleg: your latest commit is much better! 👌
Patrick.
Github | CodePen | Codier | Simplr theme | Wait Me: a maintenance theme | [\a mi.ni.ma]: a “Low Tech” simple Blog theme.
Re: Dialog vertical positioning changes ?
Fine, but it does not help me to see what could be wrong with sandboxing. I’ve got no local mac setup to test other public themes, but the demo site works fine in Safari. Would you mind posting more details of what happens if sandbox is checked, please?
Re: Dialog vertical positioning changes ?
etc wrote #338513:
I’ve got no local mac setup to test other public themes
Aside: we have a gratis / donated BrowserStack account if that’s useful.
Re: Dialog vertical positioning changes ?
gaekwad wrote #338516:
Aside: we have a gratis / donated BrowserStack account if that’s useful.
Ah, might be.
Re: Dialog vertical positioning changes ?
etc wrote #338513:
Fine, but it does not help me to see what could be wrong with sandboxing. I’ve got no local mac setup to test other public themes, but the demo site works fine in Safari. Would you mind posting more details of what happens if sandbox is checked, please?
I have already explained in this or previous thread the multiple issues. Start by inserting some script in the page – <script src=path/to/prism.js. The page never displays as scripting is not allowed in the sandbox and your script to remove the style block (opacity:0) in the source document is not removed. Having (stricter) CSP directives also triggers “failures” – stylesheets, images, … not loaded with the appropriate memo in the console, such as, paraphrasing, “stylesheet.css not allowed by style-src…”.
As I said, Safari appears to have a rather strict understanding of sandbox.
Maybe I have time and energy over the we to dig it all up, including the console messages. Don’t bet on it though. Monday is more likely.
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg
Re: Dialog vertical positioning changes ?
phiw13 wrote #338520:
Start by inserting some script in the page – <script src=path/to/prism.js. The page never displays as scripting is not allowed in the sandbox and your script to remove the style block (opacity:0) in the source document is not removed.
Isn’t it a path problem? Relative links in preview are resolved in admin URL context, try setting <base /> in your public theme.
Having (stricter) CSP directives also triggers “failures” –stylesheets, images, …not loaded with the appropriate memo in the console, such as, paraphrasing, “stylesheet.css not allowed by style-src…”.
CSP needs to be tweaked, sure, even for unsandboxed preview.
Re: Dialog vertical positioning changes ?
Screenshot: dev.l-c-n.com/_b/saf18-sandbox-iframe.png
Actual issue: the iframe is/looks blank as this: <style id="HIDEHTML">html { opacity: 0.0 !important;}</style> has not been removed.
Source of article (oldie): emps.l-c-n.com/notebook/using-svg-files-as-content-images
One script, 2 web fonts, 1 stylesheet – all root relative URL
Console:
[Error] Blocked script execution in ‘about:blank’ because the document’s frame is sandboxed and the ‘allow-scripts’ permission is not set. (x2)
[Error] Blocked script execution in ‘about:blank’ because the document’s frame is sandboxed and the ‘allow-scripts’ permission is not set. (anonymous function) (jquery.js:2:47744)
[Error] Blocked script execution in ‘about:srcdoc’ because the document’s frame is sandboxed and the ‘allow-scripts’ permission is not set. (x3)
[Error] Origin null is not allowed by Access-Control-Allow-Origin. Status code: 200
[Error] Failed to load resource: Origin null is not allowed by Access-Control-Allow-Origin. Status code: 200 (pt_sans-narrow-bold.woff2, line 0)
[Error] Origin null is not allowed by Access-Control-Allow-Origin. Status code: 200
[Error] Failed to load resource: Origin null is not allowed by Access-Control-Allow-Origin. Status code: 200 (SourceSerif4Variable-Roman.ttf.woff2, line 0)
[Error] Blocked script execution in ‘about:srcdoc’ because the document’s frame is sandboxed and the ‘allow-scripts’ permission is not set.
–^–
PS
ui-dialog:has(#preview-frame.disabled)::before {
width: clamp(1em, 15%, 4em);
aspect-ratio: 1/1;
}
for your pleasure…
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg
Re: Dialog vertical positioning changes ?
Thanks, but this is not fair because I have replaced iframe’s sandbox="allow-scripts" with sandbox="" on your demand. If you could manually (in Safari console) reset it to allow-scripts before updating the preview, that would be ace. As for fonts, that’s another problem.
Re: Dialog vertical positioning changes ?
etc wrote #338524:
Thanks, but this is not fair because I have replaced iframe’s sandbox="allow-scripts" with sandbox="" on your demand. If you could manually (in Safari console) reset it to allow-scripts before updating the preview, that would be ace. As for fonts, that’s another problem.
<sigh> Sandbox attribute is set, checkbox is ticked (default view), see image: dev.l-c-n.com/_b/saf18-sandbox2.png. If scripts are allowed, or if sandbox is removed, (equivalent to uncheck the checkbox at the bottom) then of course the page renders as expected with scripts, fonts and the whole payload.
To recap what I have been saying endlessly: sandboxed preview displays a blank panel in Safari. With sandbox="allow scripts" the page is rendered (minus webfonts), depending on CSP directives the stylesheet is blocked as well. With the sandbox attribute removed, all is well.
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg
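Added example, not part of any post in this thread and not Textpattern code: a simplified JavaScript model of the three preview states compared above (sandbox="", sandbox="allow-scripts", attribute removed) for the reported resource mix of classic scripts, web fonts and a stylesheet. The function names and the `acao` input are assumptions; resources are assumed to share the embedding page's origin, and CSP is not modelled.

```javascript
// Added example (not Textpattern code): simplified model of iframe sandbox rules.
// sandboxAttr: null = attribute absent; "" or a token list = sandboxed.
function sandboxFlags(sandboxAttr) {
  if (sandboxAttr === null) {
    return { scripts: true, opaqueOrigin: false, escapable: false };
  }
  const tokens = new Set(sandboxAttr.toLowerCase().split(/\s+/).filter(Boolean));
  const scripts = tokens.has('allow-scripts');
  const sameOrigin = tokens.has('allow-same-origin');
  return {
    scripts,
    opaqueOrigin: !sameOrigin,
    // Both tokens on same-origin content let the frame remove its own sandbox.
    escapable: scripts && sameOrigin,
  };
}

// resource: { kind: 'script' | 'font' | 'stylesheet' | 'image', acao?: string }
// acao is the server's Access-Control-Allow-Origin value (constructed input).
// Assumes resources share the embedding page's origin; CSP is not modelled.
function predictLoad(sandboxAttr, resource) {
  const flags = sandboxFlags(sandboxAttr);
  if (resource.kind === 'script') { // classic (non-module) script
    return flags.scripts ? 'runs' : 'blocked: allow-scripts not set';
  }
  if (resource.kind === 'font') {
    // Fonts are always fetched in CORS mode; an opaque origin sends "Origin: null".
    if (!flags.opaqueOrigin) return 'loads: same-origin';
    const ok = resource.acao === '*' || resource.acao === 'null';
    return ok ? 'loads: CORS permits null origin' : 'blocked: Origin null not allowed';
  }
  return 'loads: no-cors fetch'; // stylesheets and images
}

// The three states compared in the thread, with its resource mix.
function compareStates(fontAcao) {
  const page = [
    { kind: 'script' }, { kind: 'font', acao: fontAcao }, { kind: 'stylesheet' },
  ];
  const states = { 'sandbox=""': '', 'sandbox="allow-scripts"': 'allow-scripts', 'no sandbox': null };
  const out = {};
  for (const [label, attr] of Object.entries(states)) {
    out[label] = page.map((r) => `${r.kind} ${predictLoad(attr, r)}`);
  }
  return out;
}
```

Calling `compareStates(undefined)` models a font server that sends no Access-Control-Allow-Origin header; `compareStates('*')` shows the fonts loading while the frame stays sandboxed.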