Sandbox access violation when using tinyeditor wysiwyg editor in chrome extension

Question

I\'m getting the following error when attempting to load a third party wysiwyg editor in a chrome extension.

Sandbox access violation: Blocked a frame at

Answer 1

If you sandbox your iframe, you can't access it's content from outside. You should then use postMessage to communicate between user agents.

By using allow-same-origin and allow-scripts at the same time on an iframe loaded on the same domain allows the iframe to remove the sandbox attribute.

http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox

Setting both the allow-scripts and allow-same-origin keywords together when the embedded page has the same origin as the page containing the iframe allows the embedded page to simply remove the sandbox attribute and then reload itself, effectively breaking out of the sandbox altogether.