I'm getting the following error when attempting to load a third party wysiwyg editor in a chrome extension.
Sandbox access violation: Blocked a frame at "chrome-extension://cmcjindomengjienigbcldekcfnhfped" from accessing a frame at "null". Both frames are sandboxed and lack the "allow-same-origin" flag.
I initially got a similar error and managed to resolve it by adding the allow-same-origin flag. This resulted in another error which required the allow scripts flag. Below is the current state of the iframe element
<iframe sandbox="allow-same-origin allow-scripts" src="editor.html" width="350" height="350" style="border:none;"></iframe>
The wysiwyg editor creates an iframe dynamically to hold the editor. I'm assuming this might be triggering the second instance of the error. I tried setting the allow-same-origin flag on the created iframe in the sandboxed page but this did nothing.
I could try an alternative but, as this is also a learning adventure I'd love to solve this issue.
EDIT: I tried replacing the dynamically created iframe with a div just to see what would occur. I didn't get the error above, but as expected the code failed when properties relating to the iframe were accessed. This isn't proof that the new iframe is the problem but it could indeed be.
EDIT 2 FWIW, the line below is where the error is thrown
this.e = this.i.contentWindow.document;
where it was previously initialized as
this.i = document.createElement('iframe');
If you sandbox your iframe, you can't access it's content from outside. You should then use postMessage to communicate between user agents.
By using allow-same-origin and allow-scripts at the same time on an iframe loaded on the same domain allows the iframe to remove the sandbox attribute.
http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox