xuguopeng/rrweb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added 'pointer-events: none' for Replayer iframe (#96)

Browse Source 
'pointer-events: none' prevents the user from interacting with the DOM
inside of the iframe. This prevents accidental tampering by a user when
watching replays such as link clicks or DOM manipulation.

pointer-events supported by 97.15% usage: https://caniuse.com/#feat=pointer-events
This commit is contained in:
dphuang2
2026-04-01 12:00:00 +08:00
committed by yz-yu
parent 49b4f2067b
commit 469dbd5dee
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/replay/index.ts
View File

@@ -178,6 +178,7 @@ export class Replayer {
this.iframe = document.createElement('iframe'); this.iframe = document.createElement('iframe');
this.iframe.setAttribute('sandbox', 'allow-same-origin'); this.iframe.setAttribute('sandbox', 'allow-same-origin');
this.iframe.setAttribute('scrolling', 'no'); this.iframe.setAttribute('scrolling', 'no');
this.iframe.setAttribute('style', 'pointer-events: none');
this.wrapper.appendChild(this.iframe); this.wrapper.appendChild(this.iframe);
} }