How to show external page in iframe sans Javascript in Firefox?
I'm trying to load an external site in an iframe for my Firefox visitors. The external page is loaded with javascript, and I would like this to be stripped out. For Chrome, the HTML5 sandbox="" works perfectly, and with IE the security="restricted" does the job just fine. With Firefox, I'm struggling.
I've been using the CSP policy directive as described here, but I can't seem to get the right configuration. The following line will load the page, but the javascript on the external site still loads.
header("X-Content-Security-Policy: allow 'self'; object-src 'self'; script-src 'self'; frame-src *.externalsite.com; img-src 'self'");
I've tried dozens of other configurations and seem to have hit a brick wall. Will this work with the CSP directive? Should I look somewhere else to allow an external site to load in an iframe sans javascript in Firefox? Is this even possible in Firefox?
webwiz posted this at 17:09 — 4th February 2012.
He has: 629 posts
Joined: May 2007
Does this method for loading new documents into iFrames not work?
A link to a live example would help.
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.