0

I am using an application who's features and code I do not control to create a number of reports. One of the things this is able to do is load and display a webpage. The webpage I am loading into this application has a number of links, and when I click on them from the application the links are blocked from opening because: "the request was made in a sandboxed frame whose 'allow-popups' permission is not set."

This makes sense from a security perspective to me, but I have noticed that if I right-click the link and click "Open in a new Tab" from the context menu that the link will be opened.

My initial attempt was to try to convert all left clicks on links to right clicks, but triggering right mouse up/down events followed by the context menu event did not show the default context menu. My second attempt was to use a custom context menu like here, but doing so required the window.open event being fired by my own js which was also sandboxed.

My question is what special sauce is the default right click behavior using and is there a clever way for me to emulate it or to trigger it via a left click?

ledigiacomo
  • 55
  • 1
  • 10
  • Would it be reasonable to modify your webpage to, instead of `window.open`-ing the reports, to display them in iframe's inside your page? Add some nice UI to allow users to close reports they've opened, etc. Also add some instructions to CTRL (or CMD) + click if the user wants a new window. – Adam Jenkins Oct 17 '19 at 15:08
  • Pages don't have access to the browser's right-click functionality. There isn't a way to bypass sandboxing without disabling it or flagging allowed actions. If this is just for you, you might consider something like TamperMonkey to change the iframe's permissions. – Ouroborus Oct 17 '19 at 18:03

0 Answers0