2

I've created a virtual desk page that will run in a browser (IE11 or Chrome) in kiosk mode. I want to put the result on a big touchscreen display in order to allow the users to explore the intranet site through the kiosk.

In the page I have also an iframe which shows other sites in my domain mycompany.com.

I'm trying to build a policy under which sites shown in the iframe are allowed to follow href links to other pages, but with mailto and file links disabled (in order to avoid the browser opening the e-mail client or the file explorer). Of course, I cannot change the code of the original sites shown in the iframe, and I know that I cannot override the href with JS in the container page because of the same-origin policy.

Is there a way to obtain this?

I've found the sandbox attribute of the iframe tag in HTML5, but I'm not sure how to use it in order to accomplish the task.

Any ideas?

Paul Sweatte
alexroat

1 Answer

1

Use the desktop app, registry edits or zone policy to control this:

An app can register to become the default handler for a certain Uniform Resource Identifier (URI) scheme name. Both desktop apps and Windows Runtime apps can register to be a default handler for a URI scheme name. If the user chooses your app as the default handler for a URI scheme name, your app will be activated every time that type of URI is launched.

By default, Internet Explorer prevents navigation to Uniform Resource Identifiers (URIs) using the "file:" protocol when the current URL matches the following conditions:

  • The current URL is opened in the Internet zone or the Restricted Sites zone.
  • The current URL uses a protocol other than "file:".

For a mail client, the program needs to have registered settings under the HKEY_CLASSES_ROOT\mailto key in order to service URLs that use the mailto protocol. Set values and keys that mirror those settings under the following key.

HKEY_LOCAL_MACHINE
   Software
      Clients
         Mail
            CanonicalName
               Protocols
                  mailto

The RegisterProtocolHandler API will work for Chrome:

Chrome 13 finally includes navigator.registerProtocolHandler. This API allows web apps to register themselves as possible handlers for particular protocols. For example, users could select your application to handle “mailto” links.

Register a protocol scheme like:

    navigator.registerProtocolHandler(
        'mailto', 'about:blank', 'Mail Protocol');

The first parameter is the protocol. The second is the URL pattern of the application that should handle this scheme. The pattern should include a ‘%s’ as a placeholder for data and it must be on the same origin as the app attempting to register the protocol. Once the user approves access, you can use this link through your app, other sites, etc.


Paul Sweatte
  • `'about:blank'` will not work since `'%s'` is required inside the `registerProtocolHandler`'s second argument - and works only from a secure https context... – Roko C. Buljan Aug 30 '21 at 16:44
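The constraints stated in the answer and in the comment above (a '%s' placeholder, same origin, https), written as a pre-flight check that runs before `registerProtocolHandler` is called. This is an added example, not code from the answer or from the browser documentation; the origin `https://kiosk.mycompany.com`, the `/blocked-link` page and the function names are hypothetical.

```javascript
// Added example. Returns the reasons a browser would refuse a handler
// template when registration is attempted from pageUrl ([] means it passes).
function handlerProblems(pageUrl, template) {
  const problems = [];
  const page = new URL(pageUrl);
  if (page.protocol !== 'https:') {
    problems.push('registering page is not served over https');
  }
  if (!template.includes('%s')) {
    problems.push("template has no '%s' placeholder");
  }
  let target;
  try {
    target = new URL(template, pageUrl); // resolve relative templates
  } catch (e) {
    problems.push('template is not a valid URL');
    return problems;
  }
  if (target.protocol !== 'https:') {
    problems.push('handler URL is not https');
  }
  if (target.origin !== page.origin) {
    problems.push('handler URL is on a different origin');
  }
  return problems;
}

// Point mailto: at a same-origin intranet page so that, once the user has
// approved the handler, a click lands there instead of in the OS mail client.
function registerMailtoSink(nav, pageUrl, template) {
  const problems = handlerProblems(pageUrl, template);
  if (problems.length > 0) {
    return { registered: false, problems };
  }
  nav.registerProtocolHandler('mailto', template);
  return { registered: true, problems };
}

// Browser-only call; skipped where the API or window.location is absent.
if (typeof navigator !== 'undefined' && typeof location !== 'undefined' &&
    typeof navigator.registerProtocolHandler === 'function') {
  // '/blocked-link?u=%s' is a hypothetical page on the kiosk's own origin.
  console.log(registerMailtoSink(navigator, location.href, '/blocked-link?u=%s'));
}
```

Passing `'about:blank'` as the template yields three problems (no placeholder, not https, different origin), which matches the objection raised in the comment.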