Adding an Iframe using the Embed Widget pointing to a pdf that is hosted in our Enterprise (normal portal item) the pdf is not working. In the console of Chrome or Edge we see:
"An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing."
When removing the sandbox attribute totally using the dev tools from the HTML it starts working.
In Firefox we do not have the issue.
Solved! Go to Solution.
Note:
If you choose to display a PDF directly in the Embed widget, some users may not be able to view it in certain browsers for security reasons.
This is a documented limitation of the Embed Widget. It's not actually a problem with the Widget itself, but it is being blocked by security settings in Chrome/Edge which is why it works in Firefox. The Embed Widget works using an HTML component called an iframe. Iframes allow one webpage to show a little piece of another webpage and are potentially dangerous because if they are not handled correctly they could allow the embedded page to take control of the hosted site. The Embed Widget comes with some built-in limitations its iframe to prevent this from happening. In order for PDFs to work, they need to run some code and the code they use could be potentially used to break past the security of the Embed Widget. Chrome and Edge see the potential threat and prevent the iframe from working.
Note:
If you choose to display a PDF directly in the Embed widget, some users may not be able to view it in certain browsers for security reasons.
This is a documented limitation of the Embed Widget. It's not actually a problem with the Widget itself, but it is being blocked by security settings in Chrome/Edge which is why it works in Firefox. The Embed Widget works using an HTML component called an iframe. Iframes allow one webpage to show a little piece of another webpage and are potentially dangerous because if they are not handled correctly they could allow the embedded page to take control of the hosted site. The Embed Widget comes with some built-in limitations its iframe to prevent this from happening. In order for PDFs to work, they need to run some code and the code they use could be potentially used to break past the security of the Embed Widget. Chrome and Edge see the potential threat and prevent the iframe from working.