Markup with RENDER_CONTENT_MODE=iframe always has zero height

[jimparis]

Description

When rendering markup with RENDER_CONTENT_MODE=iframe, the emitted HTML is:

<iframe src="/aaa/bbb/render/branch/main/render.test"
name="giteaExternalRender"
onload="this.height=giteaExternalRender.document.documentElement.scrollHeight"
width="100%" height="0" scrolling="no" frameborder="0" style="overflow: hidden"
sandbox="allow-scripts"
></iframe>

In my tests, the height of the iframe is always stuck at 0. My understanding is that this is due to the sandbox: with allow-scripts but no allow-same-origin, the parent cannot access the iframe's DOM, so giteaExternalRender.document.documentElement.scrollHeight is always NULL. I believe that doing this resize securely would require an explicit postMessage from the iframe to the parent.

In my case I'll work around it by using RENDER_CONTENT_MODE=no-sanitize instead.

Example repro:

[markup.test]
ENABLED = true
FILE_EXTENSIONS = .test
RENDER_CONTENT_MODE = iframe
NEED_POST_PROCESS = false
RENDER_COMMAND = echo test

The rendered iframe is invisible on the page, but if you change the iframe height in browser devtools then you can see the word "test".

Gitea Version

2025-10-23 nightly

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

Linux

How are you running Gitea?

Nightly binary

Database

SQLite

[wxiaoguang]

-> Make external iframe render work #35730

[wxiaoguang]

A new nightly is ready:

• https://dl.gitea.com/gitea/main-nightly/

[jimparis]

Thank you!