Configurable iframe sandbox permissions in SiteOrigin Video Player

3 days ago · Last reply by Andrew Misplon 1 day ago

I am using the SiteOrigin Video Player widget and noticed that the generated iframe currently uses:
sandbox="allow-scripts allow-same-origin allow-presentation"

Some security scanners (such as Acunetix) still report this as an insecure or overly permissive iframe configuration because multiple sandbox permissions are enabled.

I understand these permissions are required for normal video playback functionality, especially for providers like YouTube and Vimeo. However, it would be very helpful if the plugin allowed developers/site administrators to configure the sandbox permissions through widget settings or filter hooks.
For example, the ability to:
• customize allowed sandbox directives,
• remove unnecessary permissions,
• or apply stricter policies for self-hosted videos.
This would help sites comply with internal security policies and reduce automated scanner findings while preserving compatibility.
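A way to triage the scanner finding described in the post above, as an added example that is not part of the original post or the plugin's code: it parses an iframe tag's `sandbox` tokens and separates the case the HTML specification warns about (`allow-scripts` with `allow-same-origin` on a same-origin document, which can then remove its own sandbox) from a cross-origin embed, where the frame only keeps its own origin. The function names, finding labels, `example.test` origin and sample tags are constructed for illustration.

```javascript
// Added example: classify an iframe's sandbox attribute (not SiteOrigin code).
const KNOWN = new Set([
  'allow-downloads', 'allow-forms', 'allow-modals', 'allow-orientation-lock',
  'allow-pointer-lock', 'allow-popups', 'allow-popups-to-escape-sandbox',
  'allow-presentation', 'allow-same-origin', 'allow-scripts',
  'allow-top-navigation', 'allow-top-navigation-by-user-activation',
  'allow-top-navigation-to-custom-protocols',
]);

// Read one attribute from a single tag string. Returns '' for a bare
// attribute (e.g. <iframe sandbox>) and null when it is absent.
function attr(tag, name) {
  const quoted = tag.match(new RegExp('\\s' + name + '\\s*=\\s*(["\'])(.*?)\\1', 'i'));
  if (quoted) return quoted[2];
  return new RegExp('\\s' + name + '(?=[\\s>/])', 'i').test(tag) ? '' : null;
}

// pageOrigin is the origin of the page that hosts the iframe.
function auditSandbox(tag, pageOrigin) {
  const sandbox = attr(tag, 'sandbox');
  const src = attr(tag, 'src');
  const sameOrigin = src !== null &&
    new URL(src, pageOrigin).origin === new URL(pageOrigin).origin;
  if (sandbox === null) return { tokens: [], sameOrigin, findings: ['no-sandbox'] };

  // Tokens are separated by ASCII whitespace and compared case-insensitively.
  const tokens = sandbox.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean);
  const findings = tokens.filter((t) => !KNOWN.has(t)).map((t) => 'unknown-token:' + t);

  if (tokens.includes('allow-scripts') && tokens.includes('allow-same-origin')) {
    // Same-origin content with both tokens can script the host page and
    // strip the sandbox attribute; a cross-origin embed cannot.
    findings.push(sameOrigin
      ? 'same-origin-content-can-remove-sandbox'
      : 'scripts-and-same-origin-on-cross-origin-embed');
  }
  return { tokens, sameOrigin, findings };
}

// Constructed sample tags: the widget's current value on a provider embed,
// the same value on a self-hosted page, and a stricter self-hosted policy.
const SAMPLES = {
  provider: '<iframe src="https://www.youtube.com/embed/VIDEO_ID" sandbox="allow-scripts allow-same-origin allow-presentation"></iframe>',
  selfHosted: '<iframe src="/media/player.html" sandbox="allow-scripts allow-same-origin allow-presentation"></iframe>',
  selfHostedStrict: '<iframe src="/media/player.html" sandbox="allow-scripts"></iframe>',
};
```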


Replies

  1. Andrew Misplon Staff 1 day, 12 hours ago

    Hi Prachi

    Thanks for posting your request, I’ve logged it here https://github.com/siteorigin/so-widgets-bundle/issues/2314.
