118859 2013-07-18 12:08:40 -0700 Sandbox attribute on an iframe blocks PDF documents from being rendered 2013-07-19 11:33:12 -0700 1 1 1 Unclassified WebKit Frames 523.x (Safari 3) PC Windows 7 NEW P2 Normal --- 1 vestigalorgan webkit-unassigned ap thorton vestigalorgan oldest_to_newest 909837 0 207012 vestigalorgan 2013-07-18 12:08:40 -0700 Created attachment 207012 A test case that shows the behavior. For an iframe, the sandbox attribute appears to block PDF files from being rendered, even if all of the sandbox's attributes are specified. I've attached a simple test case that demonstrates it. The test case requires a PDF file named "test.pdf" to be in the same folder as the HTML file. 909845 1 vestigalorgan 2013-07-18 12:30:40 -0700 Looking around a bit more, it seems that there is some debate as to how this should work. https://bugs.webkit.org/show_bug.cgi?id=39219 talked a bit about an allow-plugins value for the sandbox attribute, but it doesn't seem like much happened with it. http://www.whatwg.org/specs/web-apps/current-work/#sandboxed-plugins-browsing-context-flag talks about a flag that can be set to allow plugins, but I don't see any way to do that. http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox first says that plugins should be "secured" when the sandbox attribute is added, but then in the next couple of paragraphs it moves to talking about the plugins being disabled, instead. 910249 2 207126 ap 2013-07-19 11:12:32 -0700 Created attachment 207126 test case The previous test case did not actually have a sandbox attribute, so it didn't demonstrate the issue. Plug-ins are a complicated issue indeed, but I think that Safari's built-in PDF support should work (and it doesn't). 910264 3 vestigalorgan 2013-07-19 11:33:12 -0700 Ah, hehe, I can't believe that I messed up the original test case so badly XD Your test case reproduces the issue on my machine, as well. Thanks for writing it. 207012 2013-07-18 12:08:40 -0700 2013-07-19 11:12:32 -0700 A test case that shows the behavior. iframeSandboxPdf.html text/html 82 vestigalorgan PGh0bWw+DQo8aGVhZD4NCjwvaGVhZD4NCjxib2R5Pg0KPGlmcmFtZSBzcmM9InRlc3QucGRmIj48 L2lmcmFtZT4NCjxib2R5Pg0KPC9odG1sPg== 207126 2013-07-19 11:12:32 -0700 2013-07-19 11:12:32 -0700 test case iframeSandboxPdf.html text/html 106 ap PGh0bWw+DQo8Ym9keT4NCjxpZnJhbWUgc2FuZGJveD0iIiBzcmM9Imh0dHA6Ly93d3cuaXJzLmdv di9wdWIvaXJzLXBkZi9mdzQucGRmIj48L2lmcmFtZT4NCjxib2R5Pg0KPC9odG1sPg==