Requiring both "allow-script allow-same-origin" actually breaks sandboxing altogether, because a script with allow-same-origin can break out of its own sandbox, according to MDN. Having the sandbox only be allowed "allow-scripts" should be sufficient for webXR. To reproduce this issue, create a simple Iframe with threejs/babylonjs webxr content in the srcDoc attribute: This behavior does not happen on Chrome, though I am using a chrome plugin to use "VR" on my local workstation, so its not exactly a 1-to-1 test. These features work together to provide a highly efficient browsing. I've noticed that the Meta Quest Browser enforces sandboxed IFrames to have "allow-same-origin" be toggled, or else VR content cannot load and with threejs (webxr) specifically, it will crash the browser! Sandboxie - Open-source Avast Internet Security - Built-in sandbox support. Simply double-click on the Sandboxed Web Browser icon that Sandboxie will place on the desktop. I'd like to report a bug, or at least an oddity. Sandboxie will place a shortcut on the desktop. Add Quick Launch shortcut for starting Web browser under Sandboxie creates (when checked) or removes (when cleared) the Sandboxed Web Browser shortcut icons on your Quick Launch bar. safe executions of untrusted, platform-independent native code in a browser. Thank for you for hard work! Meta Quest Browser has been awesome to develop with. Discover app sandboxing principles and learn about application sandboxing.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |