I am working on a Flask web application. It has two iframes side-by-side and accesses a csv file. The file contains urls that, by using selenium .page_source(), will be loaded into the iframes using srcdoc. The page source is edited using beautiful soup 4 before being turned into a string and being sent to the frontend.
The issue I am facing right now is that, when I open the app (either locally or the version hosted on a virtual machine) SOMETIMES I am redirected to an empty page with “about:srcdoc” in the url bar. While it doesnt happen 100%, it occurs frequently enough to be a problem.
GitHub repo with code: https://github.com/MohamedMoustafaNUIG/AnnotatorVM
The flask application is annotator.py and the pages that load from the root are app/templates/index.html and app/templates/base.html
Code snippet from index.html
<div class="row" style="width: 100%; height: 80%; min-height: 600px;"> <p align="center">Annotated Origins: {{fpo}} / {{tpo}} for this page and {{fto}} / {{tto}} in total</p> <div class="column left" style="width:50%; position: relative; display: inline-block; margin: 0; border: 0; padding: 0;"> <h4><a id="cLink" href="{{t3}}" target="_blank">Fact Checking Article: </a></h4> <iframe id="cframe" style="display: block" width="100%" height="100%" srcdoc="{{t1}}"></iframe> </div> <div class="column right" style="width:50%; position: relative; display: inline-block; margin: 0; border: 0; padding:0;"> <h4><a id="oLink" href={{t4}} target="_blank">Origin Candidate: </a></h4> <iframe id="oframe" style="display: block" width="100%" height="100%" srcdoc="{{t2}}"></iframe> </div> </div>
Has anyone run into a similar problem before? It doesnt need to be when using flask, I just want to understand the logic behind redirecting to “about:srcdoc”. Any advice? Thank you in advance 🙂
EDIT: Nothing? I cant be the first one to ever face this problem.
Advertisement
Answer
It seems that some pages being displayed in the iframe where redirecting the parent page (my app) to about:srcdoc url. Solved this by sandboxing both iframes and restricting top-navigation only.