
Added iframe sandbox options

causefx 7 năm trước cách đây
mục cha
commit
19baa9f2b9
3 tập tin đã thay đổi với 52 bổ sung4 xóa
  1. 2 1
      api/config/default.php
  2. 44 1
      api/functions/organizr-functions.php
  3. 6 2
      js/functions.js

+ 2 - 1
api/config/default.php

@@ -219,5 +219,6 @@ return array(
 	'commit' => 'n/a',
 	'ombiLimit' => '50',
 	'localIPFrom' => '',
-	'localIPTo' => ''
+	'localIPTo' => '',
+	'sandbox' => 'allow-presentation,allow-forms,allow-same-origin,allow-pointer-lock,allow-scripts,allow-popups,allow-modals,allow-top-navigation'
 );
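Review bot: The new `'sandbox'` default carries no comment, and it combines `allow-scripts` with `allow-same-origin`, under which a framed page served from the same origin as Organizr can script its parent and remove the attribute. It appears to mirror the attribute that js/functions.js hard-coded before this commit, so behaviour is unchanged, but now that the list is configurable the trade-off is worth stating next to it. I would add above the entry: `// Comma-separated iframe sandbox flags. allow-scripts + allow-same-origin gives same-origin tabs no real isolation; trim per deployment.`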

+ 44 - 1
api/functions/organizr-functions.php

@@ -99,7 +99,8 @@ function organizrSpecialSettings()
 			'docker' => qualifyRequest(1) ? $GLOBALS['docker'] : '',
 			'githubCommit' => qualifyRequest(1) ? $GLOBALS['commit'] : '',
 			'schema' => qualifyRequest(1) ? getSchema() : '',
-			'debugArea' => qualifyRequest($GLOBALS['debugAreaAuth'])
+			'debugArea' => qualifyRequest($GLOBALS['debugAreaAuth']),
+			'sandbox' => $GLOBALS['sandbox'],
 		)
 	);
 }
@@ -732,6 +733,48 @@ function getSettingsMain()
 				'help' => 'Important! Do not keep this enabled for too long as this opens up Authentication while testing.',
 				'value' => $GLOBALS['authDebug'],
 				'class' => 'authDebug'
+			),
+			array(
+				'type' => 'select2',
+				'class' => 'select2-multiple',
+				'id' => 'sandbox-select',
+				'name' => 'sandbox',
+				'label' => 'iFrame Sandbox',
+				'value' => $GLOBALS['sandbox'],
+				'help' => 'WARNING! This can potentially mess up your iFrames',
+				'options' => array(
+					array(
+						'name' => 'Allow Presentation',
+						'value' => 'allow-presentation'
+					),
+					array(
+						'name' => 'Allow Forms',
+						'value' => 'allow-forms'
+					),
+					array(
+						'name' => 'Allow Same Origin',
+						'value' => 'allow-same-origin'
+					),
+					array(
+						'name' => 'Allow Pointer Lock',
+						'value' => 'allow-pointer-lock'
+					),
+					array(
+						'name' => 'Allow Scripts',
+						'value' => 'allow-scripts'
+					), array(
+						'name' => 'Allow Popups',
+						'value' => 'allow-popups'
+					),
+					array(
+						'name' => 'Allow Modals',
+						'value' => 'allow-modals'
+					),
+					array(
+						'name' => 'Allow Top Navigation',
+						'value' => 'allow-top-navigation'
+					),
+				)
 			)
 		),
 		'Login' => array(
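Review bot: The `'help'` string for the new `sandbox-select` item only warns that iFrames may break; it does not say that this is a security control in which every selected flag lifts a restriction on embedded pages. I would reword it along the lines of `'help' => 'Security setting: every selected flag relaxes the iFrame sandbox. Changing it can break embedded tabs.'`. As a style point, the `), array(` before Allow Popups should be split across two lines like the other options. getSettingsMain starts and ends outside the hunk.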

+ 6 - 2
js/functions.js

@@ -954,7 +954,8 @@ function buildFormItem(item){
 			return smallLabel+'<select class="form-control'+extraClass+'"'+placeholder+value+id+name+disabled+type+attr+'>'+selectOptions(item.options, item.value)+'</select>';
 			break;
 		case 'select2':
-			return smallLabel+'<select class="m-b-10 '+extraClass+'"'+placeholder+value+id+name+disabled+type+attr+' multiple="multiple" data-placeholder="Choose">'+selectOptions(item.options, item.value)+'</select>';
+            var select2ID = (item.id) ? '#'+item.id : '.'+item.name;
+            return smallLabel+'<select class="m-b-10 '+extraClass+'"'+placeholder+value+id+name+disabled+type+attr+' multiple="multiple" data-placeholder="Choose">'+selectOptions(item.options, item.value)+'</select><script>$("'+select2ID+'").select2();</script>';
 			break;
 		case 'switch':
 		case 'checkbox':
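Review bot: The `select2` case now returns an inline `<script>` whose selector is built from `item.id` or `item.name` by plain concatenation, so a value containing a quote or a selector metacharacter breaks the script, and the widget only initialises if the caller inserts the markup in a way that executes scripts. The item added in this commit comes from a server-side settings definition, so this is a robustness concern unless item fields can ever carry user-supplied text. I would keep the returned markup script-free and initialise after insertion, for example one `$('.select2-multiple').select2();` call where the form is appended. The two added lines are also indented with spaces while the rest of the switch uses tabs; buildFormItem starts and ends outside the hunk.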
@@ -2440,8 +2441,11 @@ function categoryProcess(arrayItems){
 	}
 }
 function buildFrame(name,url){
+    var sandbox = activeInfo.settings.misc.sandbox;
+    sandbox = sandbox.replace(/,/gi, ' ');
+    sandbox = (sandbox) ? ' sandbox="' + sandbox + '"' : '';
 	return `
-		<iframe allowfullscreen="true" frameborder="0" id="frame-`+cleanClass(name)+`" data-name="`+cleanClass(name)+`" sandbox="allow-presentation allow-forms allow-same-origin allow-pointer-lock allow-scripts allow-popups allow-modals allow-top-navigation" scrolling="auto" src="`+url+`" class="iframe"></iframe>
+		<iframe allowfullscreen="true" frameborder="0" id="frame-`+cleanClass(name)+`" data-name="`+cleanClass(name)+`" `+sandbox+` scrolling="auto" src="`+url+`" class="iframe"></iframe>
 	`;
 }
 function buildFrameContainer(name,url,type){
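Review bot: In buildFrame an empty setting drops the `sandbox` attribute altogether, so clearing every option in the new select leaves the iframe with no sandbox at all instead of the strictest one (`sandbox=""`). The configured value is also written into the attribute as-is, and `sandbox.replace` throws when `activeInfo.settings.misc.sandbox` is missing, which may happen where the stored settings predate this key. I would filter the configured tokens against the eight known flags and always emit the attribute. If an unsandboxed frame is meant to be possible, that deserves an explicit, clearly labelled option and not the empty selection.

```javascript
function buildFrame(name,url){
	var allowedFlags = ['allow-presentation','allow-forms','allow-same-origin','allow-pointer-lock','allow-scripts','allow-popups','allow-modals','allow-top-navigation'];
	var configured = String(activeInfo.settings.misc.sandbox || '').split(',');
	var flags = configured.filter(function(flag){
		return allowedFlags.indexOf(flag) !== -1;
	});
	// Always emit the attribute: an empty sandbox value is the most restrictive form.
	var sandbox = ' sandbox="' + flags.join(' ') + '"';
	// … unchanged: return of the iframe template using sandbox …
```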