Skip to content

Comments

Intercept iframe popup attempts and redirect to main iframe#31

Draft
Copilot wants to merge 4 commits intomainfrom
copilot/add-iframe-request-caching
Draft

Intercept iframe popup attempts and redirect to main iframe#31
Copilot wants to merge 4 commits intomainfrom
copilot/add-iframe-request-caching

Conversation

Copy link
Contributor

Copilot AI commented Nov 18, 2025
edited
Loading

Proxied sites attempting to open popups via window.open() now load in the main iframe instead of opening new tabs/windows, while preserving Ultraviolet's allow-popups requirement.

Implementation

  • Sandbox attributes - Added to iframe with allow-popups but excluded allow-popups-to-escape-sandbox
  • Popup interceptor - New /public/popup-interceptor.js overrides window.open(), intercepts calls with _blank/_new/empty targets, sends URL to parent via postMessage
  • Service worker injection - Modified /public/sw.js to inject interceptor script into all proxied HTML responses

Example

// In proxied page context
window.open('https://example.com', '_blank');
// → Intercepted, sends postMessage to parent
// → Parent loads https://example.com in main iframe instead

Screenshots

Interceptor successfully initialized in proxied content:

Iframe with interceptor active

Console confirms: [Radius] Popup interceptor initialized

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • example.com
    • Triggering command: node /home/REDACTED/work/Radius/Radius/node_modules/.bin/astro dev (dns block)
  • telemetry.astro.build
    • Triggering command: node /home/REDACTED/work/Radius/Radius/node_modules/.bin/astro build (dns block)
    • Triggering command: node /home/REDACTED/work/Radius/Radius/node_modules/.bin/astro dev (dns block)
    • Triggering command: node /home/REDACTED/work/Radius/Radius/node_modules/.bin/astro dev --host 0.0.0.0 (dns block)
  • www.google.com
    • Triggering command: node /home/REDACTED/work/Radius/Radius/node_modules/.bin/astro dev (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

add a simple system that chaches new request trying to escape the iframe and open a new tab (keep the alow popups sandbox atrabute so ultravilot can still work) and then make it so the request open the sites iframe instead of a new tab/window.

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@codesandbox
Copy link

codesandbox bot commented Nov 18, 2025

Review or Edit in CodeSandbox

Open the branch in Web EditorVS CodeInsiders

Open Preview

Copilot AI and others added 3 commits November 18, 2025 22:00
@sriail
Implement popup interception system for iframe
2b46dd5 
Co-authored-by: sriail <225764385+sriail@users.noreply.github.com>
@sriail
Add clarifying comment to popup interceptor
00b3934 
Co-authored-by: sriail <225764385+sriail@users.noreply.github.com>
@sriail
Apply code formatting with biome
c0a068d 
Co-authored-by: sriail <225764385+sriail@users.noreply.github.com>
Copilot AI changed the title [WIP] Add caching for iframe escape requests Intercept iframe popup attempts and redirect to main iframe Nov 18, 2025
Copilot AI requested a review from sriail November 18, 2025 22:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sriail sriail Awaiting requested review from sriail

Assignees

Copilot code review Copilot

@sriail sriail

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sriail