From 469dbd5dee4daa1b0184a6e495cd2d7151347576 Mon Sep 17 00:00:00 2001
From: dphuang2 <dylan.p.huang@gmail.com>
Date: Wed, 1 Apr 2026 12:00:00 +0800
Subject: [PATCH] added 'pointer-events: none' for Replayer iframe (#96)

'pointer-events: none' prevents the user from interacting with the DOM
inside of the iframe. This prevents accidental tampering by a user when
watching replays such as link clicks or DOM manipulation.

pointer-events supported by 97.15% usage: https://caniuse.com/#feat=pointer-events
---
 src/replay/index.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/replay/index.ts b/src/replay/index.ts
index 6752cfb1..09200f7f 100644
--- a/src/replay/index.ts
+++ b/src/replay/index.ts
@@ -178,6 +178,7 @@ export class Replayer {
     this.iframe = document.createElement('iframe');
     this.iframe.setAttribute('sandbox', 'allow-same-origin');
     this.iframe.setAttribute('scrolling', 'no');
+    this.iframe.setAttribute('style', 'pointer-events: none');
     this.wrapper.appendChild(this.iframe);
   }