mirror of
https://github.com/NoFxAiOS/nofx.git
synced 2026-07-02 18:41:01 +08:00
Two issues in the prior commit that the embedded vergex.trade explore
iframe did not actually need:
1. `allow=clipboard-write` granted the iframe silent write access to
the user's clipboard via the Clipboard API. A compromised or
compromised-by-injection vergex page could overwrite copied
content — classic clipboard-hijack pattern (e.g. swap a copied
wallet address right before the user pastes it into a send form).
The explore view does not need this capability; drop it. Matches
the existing DataPage.tsx iframe pattern.
2. No `sandbox` attribute, so the iframe ran with full implicit
permissions: arbitrary scripts, form submission, top-level
navigation, modals, pointer lock, etc. Add an explicit sandbox
whitelist that grants only what the explore view actually uses:
allow-scripts allow-same-origin allow-forms
allow-popups allow-popups-to-escape-sandbox
Notably withheld:
- allow-top-navigation: the iframe cannot redirect the NOFX
shell to an arbitrary URL.
- allow-modals / allow-pointer-lock / allow-orientation-lock:
not used by the explore page.
- allow-storage-access-by-user-activation: keeps third-party
storage access prompts off the embedded surface.
Verified: explore page renders identically; no sandbox-related
violations in the console (residual errors are vergex's own internal
CSP rejecting analytics + asset fetches, unrelated to our embedding).
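An added example (JavaScript, not code from the NOFX repository or its DataPage.tsx) that turns the capability allow-list described above into an enforced check: sandbox tokens and Permissions-Policy features are validated before the iframe attributes are emitted, the withheld tokens and clipboard-write are rejected, and the allow-scripts plus allow-same-origin pair is refused for a same-origin frame, where it would let the frame remove its own sandbox. The host origin and the explore URL path are assumed values.

```javascript
// Added example, not code from the NOFX repository. HOST_ORIGIN is assumed.
const HOST_ORIGIN = 'https://nofx.example';

// Sandbox tokens the embedded explore view may request (the commit's whitelist).
const PERMITTED_SANDBOX = new Set([
  'allow-scripts', 'allow-same-origin', 'allow-forms',
  'allow-popups', 'allow-popups-to-escape-sandbox',
]);
// Tokens that must never reach a third-party frame from this host.
const WITHHELD_SANDBOX = new Set([
  'allow-top-navigation', 'allow-top-navigation-by-user-activation',
  'allow-modals', 'allow-pointer-lock', 'allow-orientation-lock',
  'allow-storage-access-by-user-activation',
]);
// Permissions-Policy features the explore view does not need.
const WITHHELD_ALLOW = new Set(['clipboard-write', 'clipboard-read']);

// Returns the attributes for an <iframe>, or throws if the request exceeds policy.
function buildEmbed(src, sandboxTokens, allowFeatures = []) {
  const origin = new URL(src).origin;
  const sandbox = [...new Set(sandboxTokens)];
  for (const t of sandbox) {
    if (WITHHELD_SANDBOX.has(t)) throw new Error(`withheld sandbox token: ${t}`);
    if (!PERMITTED_SANDBOX.has(t)) throw new Error(`unknown sandbox token: ${t}`);
  }
  // allow-scripts + allow-same-origin lets a same-origin frame strip its own
  // sandbox attribute, so the pair is only acceptable for cross-origin content.
  if (sandbox.includes('allow-scripts') && sandbox.includes('allow-same-origin')
      && origin === HOST_ORIGIN) {
    throw new Error('allow-scripts with allow-same-origin on a same-origin frame defeats the sandbox');
  }
  for (const f of allowFeatures) {
    if (WITHHELD_ALLOW.has(f)) throw new Error(`withheld allow feature: ${f}`);
  }
  return { src, sandbox: sandbox.join(' '), allow: allowFeatures.join('; ') };
}

// Serialises the attributes to markup; the allow attribute is omitted when empty.
function renderIframe(attrs) {
  const esc = (s) => String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
  const allow = attrs.allow ? ` allow="${esc(attrs.allow)}"` : '';
  return `<iframe src="${esc(attrs.src)}" sandbox="${esc(attrs.sandbox)}"${allow}></iframe>`;
}
```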