Question:
Wix is planning to sandbox Custom Element and iframe extensions. In the link at the bottom, they state that “allow-same-origin” will no longer be allowed. I use a Custom Element to create an iframe (code below). If i add the sandbox attribute with no permissions then my video that is the source of the iframe doesn’t work. When i add “allow-same-origin” then the video works. I believe that my video will no longer work after Jan 1, 2025. Is there anything i can do to make the video work? any help is appreciated. thanks
const createIFrame = (url) => {
const iframe = document.createElement(‘iframe’);
iframe.src = url;
iframe.allowFullScreen = “true”;
iframe.allow = “fullscreen *; encrypted-media *”;
iframe.id = “tj-video-iframe”;
iframe.style = “border:0;height:360px;width:640px;max-width:100%”;
return iframe;
};
Product:
Wix Custom Element
What are you trying to achieve:
Determine if the changes Wix plans to implement regarding sandboxing iframes will disable my videos from being played.
What have you already tried:
Adding and removing iframe sandbox attribute with “allow-same-origin”.
Additional information:
I don’t write to cookies, storage, or cache in my code. I’m not sure if the source of the iframe does.
Does anyone know if this will affect HTML Components.
Is this only if you are using those particular APIs the mention.?
Also is the a more in depth account on what this affects ?.
I only use postMessage() to communicate which I suspect should not be troubled due to it being a sandbox cross talk any way. But as someone who is testing Wix extensively to see if we can move our site from Wordpress to it, it would be good to have a clear idea of what this all actually means.
I do plan on using the custom elements feature. I can only use the Wix Editor, I need single page architecture.
Even though I can’t test custom elements yet as none of my sites are upgraded, this could be a concern for me?
I am equally puzzled by what it means and what I should do, when I see the 
armageddon sounding email from Wix.
From reading the Wix solution link, I gather if I search for the strings below and cannot find any instances then my code is fine? If there is such instances then wrap a try catch block around it, and hope the code still works in 2025?
HTML:
allow-same-origin
Javascript:
sandbox: 'allow-same-origin'
sessionStorage.setItem
sessionStorage.getItem
localStorage.setItem
localStorage.getItem
document.cookie
indexedDB.open
caches.open
However, in this feature update resource, it stated live version of the site will not be affected.
If I am wrong, please point out my mistake and appreciate advice on what I should do.
HI. I saw the info in the link you provided. I believe that if you directly access apis like document.cookies, then the functionality won’t work in preview/editor mode. So you may see some things you didn’t expect. But it should work when you publish to your live site.
