Javascript no longer being executed has broken pretty much all iframes
Hello, with the new update on 0.15.8, javascript is no longer being executed. However, this pretty much breaks all/most iframes as most pages have some sort of javascript. I have an iframe to see my dashdot page because the widget doesn't work, that iframe no longer loads. I have one to see a discord channel directly from Homarr, that doesn't load anymore. I feel as though this change was not really a good idea, rather than preventing any javascript being allowed to run there should be and there are ways to prevent xss from being run without disabling js altogether
Solution:Jump to solution
I will close this request and we will track this in https://github.com/ajnart/homarr/issues/2217 .
You can subscribe to the issue to get notified as soon as this is fixed:...
5 Replies
Thank you for submitting a support request.
Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)
❓ Frequently Asked Questions | Homarr documentation
Can I install Homarr on a Raspberry Pi?
Hey @ojmaster
The security patch was an immediate action, we'll try to find a better way, if there is one. Sorry for the inconvenience
Looking forward for an alternative to this issue! I used iFrames to monitor a bunch of my processes and now it's all broken 😦
Yup, came here to tell this. We need a way to give sandbox attributes when creating iframes.
It would give us the power to allow XSS if we wanted to.
Solution
I will close this request and we will track this in https://github.com/ajnart/homarr/issues/2217 .
You can subscribe to the issue to get notified as soon as this is fixed: