Description
Severity: P0 — Security
In apps/app/src/components/generative-ui/widget-renderer.tsx:523, the iframe sandbox attribute is:
sandbox="allow-scripts allow-same-origin"
The combination of allow-scripts + allow-same-origin allows the iframe to access window.parent and all parent DOM/cookies. While the CSP mitigates remote script loading, agent-generated HTML with inline scripts has full same-origin access to the host page.
Failure mode
XSS via agent-generated content — malicious or hallucinated HTML could read/modify parent page state, steal cookies, or call CopilotKit APIs.
Suggested fix
Remove allow-same-origin from the sandbox. The iframe only needs allow-scripts. The postMessage bridge already works cross-origin. If allow-same-origin is truly required (e.g., for CDN fetches), tighten CSP connect-src and document the tradeoff.
Open question
Is allow-same-origin intentional? What breaks if it's removed?
From self-review finding F01
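A textual check for the attribute combination this issue describes, as an added example that is not part of the original issue or the project's code. The function names and the sample source are constructed for illustration.

```javascript
// Added example: flag iframe sandbox values that combine allow-scripts with
// allow-same-origin. Names and sample input are constructed, not project code.

// Matches sandbox="...", sandbox='...', and the JSX forms sandbox={"..."} / sandbox={'...'}.
const SANDBOX_ATTR = /\bsandbox\s*=\s*\{?\s*(["'])(.*?)\1/gi;

function sandboxTokens(value) {
  // The sandbox attribute is a space-separated set of case-insensitive tokens.
  return new Set(value.toLowerCase().split(/\s+/).filter(Boolean));
}

function findRiskySandboxes(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const m of text.matchAll(SANDBOX_ATTR)) {
      const tokens = sandboxTokens(m[2]);
      // Both tokens together let framed script run with the embedding origin.
      if (tokens.has("allow-scripts") && tokens.has("allow-same-origin")) {
        findings.push({ line: i + 1, value: m[2] });
      }
    }
  });
  return findings;
}

// Constructed sample input, not the project's file.
const SAMPLE = [
  '<iframe sandbox="allow-scripts allow-same-origin" srcDoc={html} />',
  '<iframe sandbox="allow-scripts" srcDoc={html} />',
  "<iframe sandbox={'allow-forms  Allow-Same-Origin allow-scripts'} srcDoc={html} />",
  '<iframe sandbox="" srcDoc={html} />',
].join("\n");

console.log(findRiskySandboxes(SAMPLE));
```

Sandbox values assembled at runtime (variables, template literals) are not visible to a source scan like this and need a review of the rendering code itself.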