NEW 252755
Media Source Extensions doesn't work in Iframe with Sandbox attribute. 
https://bugs.webkit.org/show_bug.cgi?id=252755
Summary Media Source Extensions doesn't work in Iframe with Sandbox attribute.
Sebastian Arguello
Reported 2023-02-22 09:03:42 PST
Read access from Media Source from video element is incorrectly blocked inside iframe with Sandbox attribute, breaking the Media Source Extension (MSE) functionality. As shown in the demo below, a stream is not needed to repro this error. Just by setting the video element to read from a Media Source is enough to get the error. Iframe configuration: iframe, sandbox, allow-scripts. Repro: https://jsfiddle.net/juqts7pb/ Error returned: Not allowed to load local resource: blob:null/49224ea5-e3cd-4232-88d6-a35871f1c7dc Expected behavior: MSE should work correctly inside Sandboxed iframes. I was able to repro this on Safari on Mac and Ipad. Safari on Iphone doesn't support MSE. Related bugs: - https://bugs.webkit.org/show_bug.cgi?id=170075 - https://bugs.webkit.org/show_bug.cgi?id=222312
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2023-03-01 09:04:15 PST
<rdar://problem/106089796>
Sebastian Arguello
Comment 2 2023-03-02 09:22:26 PST
Using video.srcObject = mediaSource; instead of video.src = URL.createObjectURL(mediaSource); works fine even in the iframe with sandbox attribute. Not being familiar with WebKit code, it seems to me that reading from local url created for the media buffer gets incorrectly blocked as the iframe doesn't have an origin.
Note You need to log in before you can comment on or make changes to this bug.