From 9a5d1ad4177054414fa603ccc8db34bd8ba6b271 Mon Sep 17 00:00:00 2001
From: Artur Androsovych <arthurandrosovich@gmail.com>
Date: Mon, 28 Aug 2023 22:53:10 +0300
Subject: [PATCH] fix: set sandbox iframe styles directly through JavaScript
 (#449)

This commit sets style properties on the sandbox directly using the `style[property] = value`
syntax. This method is allowed by CSP configurations. Previously, it was calling
`sandbox.setAttribute('style', '...')`, which is often restricted because it involves setting
inline styles via an attribute.
---
 src/lib/main/snippet.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/lib/main/snippet.ts b/src/lib/main/snippet.ts
index a43c3114..f4fc46a5 100644
--- a/src/lib/main/snippet.ts
+++ b/src/lib/main/snippet.ts
@@ -75,7 +75,11 @@ export function snippet(
   function loadSandbox(isAtomics?: number) {
     sandbox = doc.createElement(isAtomics ? 'script' : 'iframe');
     if (!isAtomics) {
-      sandbox.setAttribute('style', 'display:block;width:0;height:0;border:0;visibility:hidden');
+      sandbox.style.display = 'block';
+      sandbox.style.width = '0';
+      sandbox.style.height = '0';
+      sandbox.style.border = '0';
+      sandbox.style.visibility = 'hidden';
       sandbox.setAttribute('aria-hidden', !0 as any);
     }
     sandbox.src =