[GH-ISSUE #800] Feature Request: Option to disable preview (iframe) to original URL #2015

New issue

Open

opened 2026-03-01 17:55:50 +03:00 by kerem · 0 comments

kerem commented

2026-03-01 17:55:50 +03:00

Owner

Originally created by @Inndy on GitHub (Jul 19, 2021).
Original GitHub issue: https://github.com/ArchiveBox/ArchiveBox/issues/800

Type

General question or discussion
Propose a brand new feature
Request modification of existing behavior or design

What is the problem that your feature request solves

Use iframe to preview original URL may leak Referer URL, cause JavaScript to be executed on browser and cookie leaved.
This may cause some problem related to security and privacy.

Describe the ideal specific solution you'd want, and whether it fits into any broader scope of changes

Have an option to disable iframe preview to orignal URL, and/or option to remove allow-scripts from iframe.sandbox attribute

What hacks or alternative solutions have you tried to solve the problem?

Remove iframe tag completely from HTML template.

Also, I've sent a PR (#799) to resolve the Referer problem

How badly do you want this new feature?

It's an urgent deal-breaker, I can't live without it
It's important to add it in the near-mid term future
It would be nice to have eventually

I'm willing to contribute dev time / money to fix this issue
I like ArchiveBox so far / would recommend it to a friend
I've had a lot of difficulty getting ArchiveBox set up

Originally created by @Inndy on GitHub (Jul 19, 2021). Original GitHub issue: https://github.com/ArchiveBox/ArchiveBox/issues/800  ## Type - [ ] General question or discussion - [ ] Propose a brand new feature - [x] Request modification of existing behavior or design ## What is the problem that your feature request solves  Use iframe to preview original URL may leak `Referer` URL, cause JavaScript to be executed on browser and cookie leaved. This may cause some problem related to security and privacy. ## Describe the ideal specific solution you'd want, and whether it fits into any broader scope of changes  Have an option to disable iframe preview to orignal URL, and/or option to remove `allow-scripts` from [`iframe.sandbox` attribute](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-sandbox) ## What hacks or alternative solutions have you tried to solve the problem?  Remove `iframe` tag completely from HTML template. Also, I've sent a PR (#799) to resolve the `Referer` problem ## How badly do you want this new feature? - [ ] It's an urgent deal-breaker, I can't live without it - [x] It's important to add it in the near-mid term future - [ ] It would be nice to have eventually --- - [x] I'm willing to contribute [dev time](https://github.com/ArchiveBox/ArchiveBox#archivebox-development) / [money](https://github.com/sponsors/pirate) to fix this issue - [ ] I like ArchiveBox so far / would recommend it to a friend - [ ] I've had a lot of difficulty getting ArchiveBox set up