Sometimes you might want to make your UI customizable by the players, so you would let them add MOD files. In those cases, you would want to prevent malicious scripts from running. To be sure that the files are safe you can disable or restrict the execution of JavaScript code. In order to prevent abuse from players we suggest:
<iframe src="PlayerMadeContent.html" title="iframe example 1" width="400" height="300" sandbox></iframe>
Coherent::UIGT::ViewInfo::InterceptResourceLoading
to true
and overloading the Coherent::UIGT::ResourceHandler::OnShouldLoadResourceRequest
method. This would stop potentially harmful resources from loading and "hiding" any potentially harmful DOM API like so: window.WebSocket = function () { throw 'forbidden'; }
The script above can be called by either Coherent::UIGT::View::ExecuteScript
or by directly adding it to the user made pages.