-
-
Notifications
You must be signed in to change notification settings - Fork 35.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(code-uri): Chrome iframe error with XSS Auditor #15064
fix(code-uri): Chrome iframe error with XSS Auditor #15064
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This works upon load, which is an improvement and tells us this fix will work, which is great. However, as soon as I start typing, the URL is updated and things break. If we stop updating the URL, I believe this fix will work. Disabling auto run does not seem necessary to me, we only need to stop changing the URL.
As an aside, we should take a look at what this does to solutions in your profile once we fix this.
Great work!
client/commonFramework/code-uri.js
Outdated
@@ -101,7 +101,6 @@ window.common = (function(global) { | |||
if (!query) { | |||
return null; | |||
} | |||
|
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
@systimotic I've updated the user stories for this PR I don't believe this will have an effect on loading user solutions, since this still loads the code initially |
- remove solution from URI when read - remove querify solution upon edit or reset
@raisedadead updated the pull request. |
Just to note:
Please let me know if I might have missed any corner cases. |
Looks like this works great! I can confirm that this resolves the original issue. What I was worried about was loading and especially saving the user solutions, but that still works wonderfully. I originally thought it may have been doing that based on the URL, but luckily that was not the case. @BerkeleyTrue Can you confirm, and if everything is OK, merge and deploy? |
Yes, actually that's what took analyzing and testing so long, turns out that I wasn't aware of a ton of inner working of the code runner. Lol. |
Code LGTM. |
disable code auto runauto run works perfectly.add code lockingnot required as tested.Closes #13727
I have tested that this is the minimum required, changes that we need to do get away with the least impact to the existing UX.
Some caveats, that are a part of this, unfortunately, is the ability to share a URL that had the code in it, but IMHO it's for good that we considered deprecating that capability anyways.
Please QA and let me know for changes.