Stream from external source using iframe with sandbox tag? - node.js

I am trying to show the stream from an external site. That site has too many pop-up ads, and I am trying to block pop-ups using the sandbox attribute. But it is showing:
Remove sandbox attributes on the iframe tag
How can I solve it?
Removing the sandbox fixes the issue, but there are a lot of pop-ups.
Here is the code I am using.
<iframe allowfullscreen="true"
referrerpolicy="same-origin"
sandbox="allow-forms allow-pointer-lock allow-same-origin allow-scripts"
frameborder="0" height="540" scrolling="no" src="https://somesrc.com/11.php"
width="780"
></iframe>

Related

Using custom Webfonts on Teachable

I am trying to use a custom font on my client's course marketing page on Teachable.com. Right now the course is not currently live, so unfortunately I can't share a link to preview.
I am trying to follow the Google Webfonts pattern of attributes in the link tag:
<link rel="preconnect" href="https://tablocreative.com/roo/webfonts.css" crossorigin>
I am hosting this webfont and the respective font files on a different hosting provider (standard Apache hosting). When I view the source of my page, I can see that file is being referenced - no 404 errors or access origin errors in the console.
This is the CSS:
html, body, main, div, p { font-family: 'Avenir LT Pro'; }
I can see in the inspector that declaration is being applied, no other font-family is set or overriding this. But the webfont will not load.
Any insights or ideas would be appreciated!
Check out the codepen on the readme of this repo.
It has a working example:
https://github.com/adriano-tirloni/google-fonts-css2

Doesn't Azure AD B2C Page UI Customization Support Bootstrap?

I'm trying to customize the page UI on Azure AD B2C unified sign in/sign up page.
I was able to create my template and upload all the assets i.e. html page, images and css to my Azure Blob Storage container with the right CORS settings.
When I pull up the page, however, it looks absolutely HORRIBLE! It doesn't seem to support Bootstrap. I read somewhere that no JavaScript is allowed. Is that the reason for this?
Once I upload my custom HTML page, Azure AD B2C seems to be stripping off a lot of the design elements necessary for my customization such as id and style in my body tag -- see below:
<!-- Omitted for brevity -->
<body id="my-login-class" style="url: ('https://myazurestorage.blob.core.windows.net/my-container/my-bg-image.jpg')">
<div id="some-important-id" class="my-important-class">
<div class="col-xs-8">
<div>Some important message</div>
</div>
<div class="col-xs-4">
<div id="api">
</div>
</div>
</div>
</body>
When I inspect the page source once my custom page is rendered, I see that all my classes and IDs are removed along with Bootstrap references e.g. css and js.
Am I getting this right? No Bootstrap which means Azure AD B2C only supports customization of the most basic kind?
Your HTML template can include any external, head, or inline styles but it can't include scripts.
An example of a customized page can be found at the WoodGrove sign-up or sign-in page.
The HTML template for this customized page can be found in the WoodGrove GitHub repository.
This HTML template includes Bootstrap's Reboot styles as well as the WoodGrove's specific styles.
Azure AD B2C creates the head and body elements and then copies the child elements for each of these head and body elements from your HTML template to its HTML document.
Therefore, you shouldn't add attributes to the body element in your HTML template, because they aren't copied.
You can import the bootstrap references. Please see this document: https://learn.microsoft.com/en-us/dynamics365/customer-engagement/portals/azure-ad-b2c
See also: https://github.com/Azure-Samples/active-directory-b2c-php-webapp-openidconnect
It looks horrible for a reason. No styling is applied to the page so that it can be fully customizable. You can reference Bootstrap for CSS; however, I have run into issues when using bootstrap.js for modals since it appears the Azure B2C API uses bootstrap for modals... In my experience, it is best to rely on Vanilla JS and to leave off any references to third-party JS.
It is possible to use JavaScript if you are using your own custom policies. There are some limitations to JavaScript and the best approach is to try to accomplish anything using the policy first.
To enable JavaScript, use the following as a guide:
<RelyingParty>
<DefaultUserJourney ReferenceId="SignUpOrSignIn" />
<UserJourneyBehaviors>
<ScriptExecution>Allow</ScriptExecution>
</UserJourneyBehaviors>
...
</RelyingParty>
When referencing external CSS/JS files, the URL must be absolute. This is true for the head section of HTML files as well as any references within JavaScript. Relative URLs can only be referenced within a CSS file.
Incorrect:
<link href="./css/assets.css" rel="stylesheet" type="text/css" />
Correct:
<link href="https://your-storage-account.blob.core.windows.net/your-container/css/assets.css" rel="stylesheet" type="text/css" />
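A check for the three template rules stated in the answers above (no attributes on body, no scripts unless the policy allows them, absolute URLs for CSS/JS references), added here as an example and not taken from the answers or from Microsoft's samples. `lintTemplate`, its rule names and the sample template are constructed for illustration; the regex scan assumes a simple, well-formed template without commented-out tags.

```javascript
// Added example: lint an Azure AD B2C HTML template before uploading it.
// Names and rule labels are hypothetical, not part of any Azure tooling.

// Return the value of one attribute from a raw tag string, or null.
function attr(tag, name) {
  const m = new RegExp(`\\s${name}\\s*=\\s*["']([^"']*)["']`, 'i').exec(tag);
  return m ? m[1] : null;
}

function lintTemplate(html, { scriptsAllowed = false } = {}) {
  const findings = [];

  // Rule 1: B2C builds its own <body>; attributes set here are not copied.
  const body = /<body\b([^>]*)>/i.exec(html);
  if (body && body[1].trim() !== '') {
    findings.push({ rule: 'body-attributes', detail: body[1].trim() });
  }

  for (const [tag] of html.matchAll(/<(?:link|script)\b[^>]*>/gi)) {
    const isScript = /^<script/i.test(tag);

    // Rule 2: scripts only run when the custom policy sets
    // <ScriptExecution>Allow</ScriptExecution>.
    if (isScript && !scriptsAllowed) {
      findings.push({ rule: 'script-not-allowed', detail: tag });
    }

    // Rule 3: external CSS/JS must be referenced by absolute URL.
    const url = attr(tag, isScript ? 'src' : 'href');
    if (url !== null && !/^https?:\/\//i.test(url)) {
      findings.push({ rule: 'relative-url', detail: url });
    }
  }
  return findings;
}

// Constructed sample template combining the snippets quoted on this page.
const SAMPLE_TEMPLATE = `<!DOCTYPE html>
<html>
<head>
  <link href="./css/assets.css" rel="stylesheet" type="text/css" />
  <link href="https://your-storage-account.blob.core.windows.net/your-container/css/assets.css" rel="stylesheet" type="text/css" />
  <script src="js/app.js"></script>
</head>
<body id="my-login-class">
  <div id="api"></div>
</body>
</html>`;

console.log(lintTemplate(SAMPLE_TEMPLATE));
```

Pass `{ scriptsAllowed: true }` when the relying party policy enables script execution; relative script URLs are still reported.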

Embed Acumatica New Screen page in Website

I am trying to build a Support page for my website which should have the Acumatica New Case screen for customers to create a new Case. I tried using an iframe, but when logged in, selectors and dropdowns don't respond. Any suggestions on how I can get the New Case screen for my Support page, just like in Acumatica Partner's portal?
This is working for me:
1) Create an Acumatica portal web site; make sure the sp203000 page is accessible and works fine.
2) Create a simple HTML page and assign iframe src to be the sp203000 screen url:
<!DOCTYPE html>
<html>
<body>
<style>
iframe {height:800px; width:1200px;}
</style>
<iframe src="http://localhost/AcuPortal/pages/sp/sp203000.aspx?CaseCD=null&CaseClassID=BILLING">
<p>Your browser does not support iframes.</p>
</iframe>
</body>
</html>
And it works fine:
New Case form embedded into frame
The first time, you will see the login screen in the frame. If you want users to see the form without logging in, you need to think about some SSO solution for your site and Acumatica.

"https://fls.doubleclick.net" tracking downloads "http://www.googleadservices.com/pagead/conversion.js"

I had this Google floodlight code on a secure page in one of the websites I maintain. This content is inside an iframe which in turn is inside :
<script type="text/javascript">
document.write('<IFRAME src="https://fls.doubleclick.net/activityi;src=XXXXX;type=12312;cat=084;qty=1;cost=$iTotal;?" width="1" height="1" frameborder="1" style="display:none"></IFRAME>');
</script>
Recently IE issued a message stating the page has insecure content. Inspecting the page with Fiddler I can see that now the Google server that receives the floodlights also sends back a JavaScript library:
"http://www.googleadservices.com/pagead/conversion.js"
which is causing the insecure content message.
Has this happened to you too? Any idea how to fix it?
I found a tag I didn't know on doubleclick:
<img src="https://gan.doubleclick.net/gan_conversion?advid=K123456&oid=12345&amt=123.45" width=1 height=1>
but it's not very clear if it does the same thing.
Ideas?
In the corresponding Google Floodlight activity, you'll want to check the box that says "Secure Servers Only (https)".

From popup.html, how can I run a javascript function by button onclick?

I'm trying to build an extension for Chrome, but I'm a newbie and I'm having trouble understanding the Docs provided by Google. I want the extension to have a popup that shows a few buttons, and when a button is clicked, I want to run a script.
This is my setup:
popup.html
<button id="test1" onclick="getSite();">button 1</button>
<button id="test2" onclick="getSite();">button 2</button>
content_script.js
function getSite(){alert('getSite works!');}
I'm having trouble understanding how to use the chrome javascript api, as I see others saying use chrome.tabs.executeScript, but I can't figure out where that line goes. Can anyone help me? I'll give you a cookie! or just an upvote.. or maybe both?
You haven't mentioned on which page you want your scripts to run onclick, in Popup.html page or the page on which user is currently working on the browser. If it is just the popup.html page in which you want to execute your script, include them in popup.html page itself.
If however you want to execute them on the user's browser page, you will have to pass a message to your background page, which in turn will execute chrome.tabs.executeScript with current tab's id and {file: 'yourjsfile.js'} as arguments.
I think you are having this problem because of restrictions imposed by the Google Content Security Policy. It mentions that inline JavaScript like the one that you have mentioned in your code will not be executed. Try removing the onclick="getSite()" from your HTML markup to content_script.js. Use addEventListener function to attach the event to the button.
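The two answers combined into one popup script, as an added example that is not part of the original posts: the buttons are wired with addEventListener from an external file, and each click injects content_script.js into the active tab. It assumes Manifest V2 (the chrome.tabs.executeScript API named above), the "activeTab" permission, a `<script src="popup.js"></script>` tag in popup.html, and that content_script.js calls getSite() itself; `wirePopup` and `runInActiveTab` are hypothetical helper names, and the call is made directly from the popup rather than through a background page.

```javascript
// popup.js (added example). The extension CSP blocks inline onclick="..."
// attributes, so popup.html keeps only the ids and this file attaches
// the handlers.

// Inject a file into the tab the user is currently looking at.
function runInActiveTab(chromeApi, file) {
  chromeApi.tabs.query({ active: true, currentWindow: true }, (tabs) => {
    if (!tabs || tabs.length === 0) return; // nothing to inject into
    chromeApi.tabs.executeScript(tabs[0].id, { file }, () => {
      // Some pages (for example chrome:// URLs) refuse injection;
      // report the reason instead of failing silently.
      if (chromeApi.runtime.lastError) {
        console.warn(chromeApi.runtime.lastError.message);
      }
    });
  });
}

// Attach click listeners to the buttons from popup.html.
// Returns the ids that were found and wired.
function wirePopup(doc, chromeApi) {
  const wired = [];
  for (const id of ['test1', 'test2']) {
    const button = doc.getElementById(id);
    if (!button) continue;
    button.addEventListener('click', () => {
      runInActiveTab(chromeApi, 'content_script.js');
    });
    wired.push(id);
  }
  return wired;
}

// Only runs inside the extension popup, where both globals exist.
if (typeof document !== 'undefined' && typeof chrome !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => wirePopup(document, chrome));
}
```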
