IFRAME SANDBOXING

Hi All

We are in the process of making access to our support ticket system available via our app so that clients can track their tickets and progress and so that it is easier for us to manage our support tickets.

The above being said, we have run into a couple of challenges, i.e. :

  1. Is it possible to open the HTML component so that it takes up the visible space in the view i.e. the content window (see screenshot 1 below).
  • Using the fullscreen option not only interferes with our view but also is another click that we would rather not have to make.
  • It also means moving closing fullscreen before being able to navigate back and forth in the app.
  • Then there is the ugly initial render in a small box which often looks like there was a load error of sorts;
  1. We also tried using a simple client side library ObjectPDF to render pdf attachments, this threw out a sandboxing error, as did using our own iframe, embed or object elements. (incidentally using a journey document URL for the source in all cases) (see screenshot 2 (below);
  2. As a last ditch effort we tried simply opening the browser with the pdf url, and got a further error that the allow-popups permission was not set on the iframe. (see screenshot 3 below).

Any advise or pointers in this regard would be greatly appreciated.

SCREENSHOT 1:

SCREENSHOT 2:

image

SCREENSHOT 3:

image

Kind regards
Matt

@matthew Thanks for all the questions

  1. Is it possible to open the HTML component so that it takes up the visible space in the view i.e. the content window (see screenshot 1 below).

Not possible. Please suggest this as well as “toggle HTML fullscreen from JS/TS” to our Product Roadmap for future consideration

  1. We also tried using a simple client side library ObjectPDF to render pdf attachments, this threw out a sandboxing error, as did using our own iframe, embed or object elements. (incidentally using a journey document URL for the source in all cases) (see screenshot 2 (below);
  2. As a last ditch effort we tried simply opening the browser with the pdf url, and got a further error that the allow-popups permission was not set on the iframe. (see screenshot 3 below).

Our platform team will respond with a more detailed explanation of the limitations of the HTML component as it relates to this type of sandboxing issue.

In the mean time, for PDFs, you can render them in the Application runtime using standard JourneyApps components. If the attachment is already in the App DB you can just use journey.files.viewFile(attachment) and if the PDF is behind some URL then you can use this solution

In general, you typically cannot simply embed another web app inside of the HTML component by simply pointing the HTML to the specific URL (details on limitations to follow), and so in your specific case you will likely be better served by doing a integration to your ticketing system and using standard JourneyApps component to display the results / response from the integration with the ticketing system.

I hope that helps in the interim.