taehoshino
January 19, 2021, 12:18am
2
Hi @Tenovos-Joseph ! Welcome to the community
I understand you want to enable JavaScript in Preview mode, but as discussed in the following thread, this is not currently supported for security reasons:
HOW can I enable the javascript on response view
There is also a feature request on this in the below GitHub link - if you have specific use cases that you would like to share, please feel free to share them to weigh in!
opened 03:57PM - 19 Jan 17 UTC
feature
Response-Section
configurations
product/runtime
<!--
Welcome to the Postman Issue tracker. Any feature requests / bug reports c… an be posted here.
Any security-related bugs should be reported directly to security@getpostman.com
Version/App Information:
-->
1. Postman Version: 4.9.3
2. App (Chrome app or Mac app): Mac app
3. OS details: 10.12.2
4. Is the Interceptor on and enabled in the app: No
5. Did you encounter this recently, or has this bug always been there: N/A
6. Expected behaviour: N/A
7. Console logs (http://blog.getpostman.com/2014/01/27/enabling-chrome-developer-tools-inside-postman/ for the Chrome App, View->Toggle Dev Tools for the Mac app): N/A
8. Screenshots (if applicable) N/A
For some reason, I need run javascript and submit forms in *Preview*. I know postman doesn't support it for security ([CSP](https://content-security-policy.com/)). So I inspected postman's source code via DevTools, and finally I found
```
131078 { className: 'response-body-iframe-viewer' },
131079 _react2.default.createElement('iframe', {
131080 className: 'response-body-viewer-preview',
131081 sandbox: '' // https://developer.mozilla.org/en/docs/Web/HTML/Element/iframe#attr-sandbox
131082 , src: this.props.src
131083 })
```
in `/Applicatoins/Postman.app/Contents/Resources/app.js`
Then I modify line 131081 to
`sandbox: 'allow-forms allow-scripts'`
relaunch postman, it works!
I think it's may not safe when using postman under `sandbox: 'allow-forms allow-scripts'` all the time. So maybe we could add a button to postman's preferences settings, then we can enable/disable it as needed.
<!--
Steps to reproduce the problem:
-->
<!--
Some guidelines:
1. Please file Newman-related issues at https://github.com/postmanlabs/newman/issues
2. If it’s a Cloud-related issue, or you want to include personal information like your username / collection names, mail us at help@getpostman.com
3. If it’s a question (anything along the lines of “How do I … in Postman”), the answer might lie in our documentation - http://getpostman.com/docs.
-->
Thanks again for reaching out. Let me know if you have any further questions
