From b0ee3f8279e6947a47b66c277ba26a4075b2d7f2 Mon Sep 17 00:00:00 2001
From: dphuang2 <dylan.p.huang@gmail.com>
Date: Fri, 19 Jul 2019 00:24:55 -0500
Subject: [PATCH] added 'pointer-events: none' for Replayer iframe (#96)

'pointer-events: none' prevents the user from interacting with the DOM
inside of the iframe. This prevents accidental tampering by a user when
watching replays such as link clicks or DOM manipulation.

pointer-events supported by 97.15% usage: https://caniuse.com/#feat=pointer-events
---
 src/replay/index.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/replay/index.ts b/src/replay/index.ts
index 6752cfb1..09200f7f 100644
--- a/src/replay/index.ts
+++ b/src/replay/index.ts
@@ -178,6 +178,7 @@ export class Replayer {
     this.iframe = document.createElement('iframe');
     this.iframe.setAttribute('sandbox', 'allow-same-origin');
     this.iframe.setAttribute('scrolling', 'no');
+    this.iframe.setAttribute('style', 'pointer-events: none');
     this.wrapper.appendChild(this.iframe);
   }