Skip to content

Remove sandbox allow-same-origin for core/html blocks (Merge #77212 to wp/7.0)#77699

Merged
peterwilsoncc merged 1 commit into
wp/7.0from
merge/pr-77212
Apr 28, 2026
Merged

Remove sandbox allow-same-origin for core/html blocks (Merge #77212 to wp/7.0)#77699
peterwilsoncc merged 1 commit into
wp/7.0from
merge/pr-77212

Conversation

@alecgeatches

@alecgeatches alecgeatches commented Apr 27, 2026

Copy link
Copy Markdown
Contributor

What?

Merge #77212 into wp/7.0 due to cherry-pick conflict.

@alecgeatches @jsnajdr
Remove sandbox allow-same-origin for core/html blocks (#77212)
5368e37 
* Remove sandbox "allow-same-origin" attribute, use srcDoc instead

* Add opt-in allowSameOrigin parameter, use it to fix embeds while keeping core/html locked down

* Fix formatting

* Use contentDocument.write() when allowSameOrigin is true to avoid referer errors

* Refactor new same-origin disallowed sandbox into subcomponent for easier reading

* Add CHANGELOG entry

* Reattach resize listener on iframe load event

Co-authored-by: alecgeatches <alecgeatches@git.wordpress.org>
Co-authored-by: maxschmeling <maxschmeling@git.wordpress.org>
Co-authored-by: jsnajdr <jsnajdr@git.wordpress.org>
@github-actions github-actions Bot added [Package] Blob /packages/blob [Package] Compose /packages/compose [Package] Core data /packages/core-data [Package] API fetch /packages/api-fetch [Package] HTML entities /packages/html-entities [Package] Viewport /packages/viewport [Package] DOM /packages/dom [Package] Keycodes /packages/keycodes [Package] Plugins /packages/plugins [Package] Components /packages/components [Package] Blocks /packages/blocks [Package] Editor /packages/editor [Package] Redux Routine /packages/redux-routine [Package] Block library /packages/block-library [Package] Notices /packages/notices [Package] Token List /packages/token-list [Package] Format library /packages/format-library [Package] Rich text /packages/rich-text [Package] Block editor /packages/block-editor [Package] Edit Post /packages/edit-post [Package] Data Controls /packages/data-controls [Package] Priority Queue /packages/priority-queue [Package] Edit Widgets /packages/edit-widgets [Package] E2E Tests /packages/e2e-tests [Package] Project management automation /packages/project-management-automation [Package] Escape HTML /packages/escape-html [Package] Interface /packages/interface [Package] Primitives /packages/primitives labels Apr 27, 2026
@alecgeatches alecgeatches mentioned this pull request Apr 27, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@peterwilsoncc peterwilsoncc peterwilsoncc approved these changes

Assignees

No one assigned

Labels

[Feature] Real-time Collaboration Phase 3 of the Gutenberg roadmap around real-time collaboration [Type] Bug An existing feature does not function as intended

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alecgeatches @peterwilsoncc @maxschmeling