sandbox.html
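<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Secure SVG Embedding</title>
</head>
<body>
  <h1>Securely Embedded Untrusted SVG</h1>

  <!-- Each button sends its data-action value to the framed SVG. -->
  <button type="button" data-action="changeColor">Change Circle Color</button>
  <button type="button" data-action="moveCircle">Move Circle</button>

  <!--
    Untrusted SVG rendered in a sandboxed frame.
    The sandbox grants allow-scripts only. Combining allow-scripts with
    allow-same-origin on a document served from this page's own origin lets
    the framed script reach the embedding page and remove the sandbox
    attribute, so the sandbox would give no isolation. Without
    allow-same-origin the frame runs in an opaque origin and cannot read this
    page's DOM, cookies or storage.
  -->
  <iframe
    id="svgContainer"
    src="untrusted.svg"
    title="Untrusted SVG preview"
    width="400"
    height="400"
    sandbox="allow-scripts"
  ></iframe>

  <!-- Shows the most recent message received from the framed SVG. -->
  <p id="log"></p>

  <script>
    const iframe = document.getElementById("svgContainer");
    const log = document.getElementById("log");

    /**
     * Send an action name to the sandboxed SVG document.
     *
     * The frame has an opaque origin, which no targetOrigin URL can match,
     * so "*" is the only value that delivers. Keep the payload free of
     * secrets: whatever document currently occupies the frame receives it.
     *
     * @param {string} action Action name understood by the SVG's own script.
     */
    function sendMessageToSVG(action) {
      if (iframe.contentWindow) {
        iframe.contentWindow.postMessage(action, "*");
      } else {
        console.error("SVG is not loaded yet.");
      }
    }

    // Bind handlers in script instead of inline onclick attributes.
    document.querySelectorAll("button[data-action]").forEach(function (button) {
      button.addEventListener("click", function () {
        sendMessageToSVG(button.dataset.action);
      });
    });

    // Accept replies only from the sandboxed frame's own window. A frame
    // without allow-same-origin reports event.origin as "null", which any
    // other sandboxed document would report too, so the sender is identified
    // by its window reference rather than by origin.
    // NOTE(review): untrusted.svg is not visible here; confirm it replies with
    // a targetOrigin that still reaches this page from an opaque origin.
    window.addEventListener("message", function (event) {
      if (event.source !== iframe.contentWindow) return;
      // The reply is untrusted: write it as text, never as markup.
      log.textContent = "SVG Response: " + event.data;
    });
  </script>
</body>
</html>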