[Web Previewer] Fix for HTML Injection warning
Forge component by Rui Mendes
Application Type
Traditional Web


I was playing around with this Webviewer and noticed HTML injection warning in the expression to show pdf. 

I managed to fix this by replacing the unescaped expression by an Iframe widget. Are there any disadvantages for using this widget ? 



Hello Silvia,

The only "downside" of this component is if your project/company has some security restrictions on 3rd parties like Microsoft/Google, since it uses an iframe to allow the preview of xlxs,docx etc. documents.

In one of our projects it was a no-go since we have a content security policy in place that doesn't allow external redirects/iframes in the applications.



Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.