chore(web): restrict sandbox iframe (#1024)

web/src/beta/features/Visualizer/Crust/Plugins/PluginFrame/PluginIFrame/index.tsx

@@ -2,8 +2,7 @@ import { forwardRef, ForwardRefRenderFunction, IframeHTMLAttributes, ReactNode,
 import type { RefObject } from "react";
 import { createPortal } from "react-dom";
 
-import useExperimentalSandbox from "../../useExperimentalSandbox";
-import IFrame, { AutoResize } from "../IFrame";
+import { AutoResize } from "../IFrame";
 import SafeIframe from "../SafeIFrame";
 
 import useHooks, { Ref } from "./hooks";
@@ -52,38 +51,21 @@ const PluginIFrame: ForwardRefRenderFunction<Ref, Props> = (
     handleLoad,
   } = useHooks({ ready, ref, visible, type, enabled, onRender });
 
-  const experimentalSandbox = useExperimentalSandbox();
-
   const children = (
     <>
       {html ? (
-        experimentalSandbox ? (
-          <SafeIframe
-            ref={iFrameRef}
-            className={className}
-            iFrameProps={iFrameProps}
-            html={html}
-            autoResize={autoResize}
-            externalRef={externalRef}
-            onMessage={onMessage}
-            onClick={onClick}
-            onLoad={handleLoad}
-            {...options}
-          />
-        ) : (
-          <IFrame
-            ref={iFrameRef}
-            className={className}
-            iFrameProps={iFrameProps}
-            html={html}
-            autoResize={autoResize}
-            externalRef={externalRef}
-            onMessage={onMessage}
-            onClick={onClick}
-            onLoad={handleLoad}
-            {...options}
-          />
-        )
+        <SafeIframe
+          ref={iFrameRef}
+          className={className}
+          iFrameProps={iFrameProps}
+          html={html}
+          autoResize={autoResize}
+          externalRef={externalRef}
+          onMessage={onMessage}
+          onClick={onClick}
+          onLoad={handleLoad}
+          {...options}
+        />
       ) : renderPlaceholder ? (
         <>{renderPlaceholder}</>
       ) : null}

web/src/beta/features/Visualizer/Crust/Plugins/PluginFrame/SafeIFrame/index.tsx

@@ -69,8 +69,8 @@ const IFrame: React.ForwardRefRenderFunction<Ref, Props> = (
       ref={composeRefs(iFrameRef, externalRef)}
       className={className}
       onLoad={onIFrameLoad}
-      sandbox="allow-scripts allow-downloads allow-popups allow-popups-to-escape-sandbox"
-      allow="geolocation; camera"
+      sandbox="allow-scripts allow-downloads"
+      allow=""
       {...props}
     />
   ) : null;

web/src/beta/features/Visualizer/Crust/Plugins/hooks.ts

@@ -61,7 +61,6 @@ export default function ({
   interactionMode,
   timelineManagerRef,
   overrideInteractionMode,
-  useExperimentalSandbox,
   overrideSceneProperty,
   onLayerEdit,
   onLayerSelectWithRectStart,
@@ -605,7 +604,6 @@ export default function ({
       pluginInstances,
       clientStorage,
       timelineManagerRef,
-      useExperimentalSandbox,
     }),
     [
       engineName,
@@ -676,7 +674,6 @@ export default function ({
       pluginInstances,
       clientStorage,
       timelineManagerRef,
-      useExperimentalSandbox,
     ],
   );
 

web/src/beta/features/Visualizer/Crust/Plugins/types.ts

@@ -35,7 +35,6 @@ export type Props = PropsWithChildren<{
   viewport?: Viewport;
   alignSystem?: WidgetAlignSystem;
   floatingWidgets?: InternalWidget[];
-  useExperimentalSandbox?: boolean;
   timelineManagerRef?: TimelineManagerRef;
   overrideSceneProperty?: (id: string, property: any) => void;
   interactionMode: InteractionModeType;
@@ -56,6 +55,5 @@ export type Context = {
   pluginInstances: PluginInstances;
   clientStorage: ClientStorage;
   timelineManagerRef?: TimelineManagerRef;
-  useExperimentalSandbox?: boolean;
   overrideSceneProperty?: (id: string, property: any) => void;
 };

web/src/beta/features/Visualizer/Crust/index.tsx

@@ -64,7 +64,6 @@ export type Props = {
   installableInfoboxBlocks?: InstallableInfoboxBlock[];
   // plugin
   externalPlugin: ExternalPluginProps;
-  useExperimentalSandbox?: boolean;
   // widget events
   onWidgetLayoutUpdate?: (
     id: string,
@@ -116,7 +115,6 @@ export default function Crust({
   sceneProperty,
   selectedFeatureInfo,
   externalPlugin,
-  useExperimentalSandbox,
   layers,
 
   // Widget
@@ -214,7 +212,6 @@ export default function Crust({
       floatingWidgets={floatingWidgets}
       interactionMode={interactionMode ?? "default"}
       timelineManagerRef={mapRef?.current?.timeline}
-      useExperimentalSandbox={useExperimentalSandbox}
       overrideInteractionMode={handleInteractionModeChange}
       overrideSceneProperty={overrideSceneProperty}
       onLayerEdit={onLayerEdit}

web/src/beta/features/Visualizer/index.tsx

@@ -52,7 +52,6 @@ type VisualizerProps = {
     | undefined;
   story?: Story;
   zoomedLayerId?: string;
-  useExperimentalSandbox?: boolean;
   visualizerRef?: MutableRefObject<MapRef | null>;
   currentCamera?: Camera;
   interactionMode?: InteractionModeType;
@@ -138,7 +137,6 @@ const Visualizer: FC<VisualizerProps> = ({
   pluginProperty,
   story,
   zoomedLayerId,
-  useExperimentalSandbox = true,
   visualizerRef,
   currentCamera,
   interactionMode,
@@ -227,7 +225,6 @@ const Visualizer: FC<VisualizerProps> = ({
           inEditor={inEditor}
           mapRef={visualizerRef}
           layers={layers}
-          useExperimentalSandbox={useExperimentalSandbox}
           // Plugin
           externalPlugin={{ pluginBaseUrl: config()?.plugins, pluginProperty }}
           // Widget