• 12-Jun-2023
Lightrun Team
Author Lightrun Team

“…document’s frame is sandboxed and the ‘allow-scripts’ permission is not set”

Lightrun Team
Lightrun Team

Explanation of the problem

Problem Description:

When using CSScritics, an error occurs stating, “Blocked script execution in ‘http://solar-druid.codio.io/tests/csscritic.html‘ because the document’s frame is sandboxed and the ‘allow-scripts’ permission is not set.” The error message points to the file “rasterizeHTML.allinone.js” and the functions “calculateDocumentContentSize” and “drawDocumentAsSvg.” It appears that the error is related to an <iframe> element with the sandbox attribute, which is attempting to run JavaScript without the necessary permission.

Resolution Explanation:

The error message indicates that the <iframe> element in question is using the sandbox attribute, which restricts the execution of scripts unless explicitly allowed with the “allow-scripts” permission. In the rasterizeHTML source code, the function “createHiddenSandboxedIFrame()” is responsible for creating the sandboxed frame, which is used by “calculateDocumentContentSize()” to copy the contents of the document and measure their size. The presence of <script> tags within the document causes the error, as scripts are generally disallowed within sandboxed frames.

Reproducing the Bug:

The bug was observed on Chromium 45.0.2454.101 running on Ubuntu 15.04 (64-bit) when accessing “./test/csscritic.html.” The tested page is “./index.html,” and under normal circumstances, the expected output should resemble “2015-12-29_mathador_ui_home.” It is worth noting that this bug report includes a greeting message, “Hi Christopher, long time not seen!”

Overall, this problem with the CSScritics tool involves a sandboxed <iframe> and the lack of the “allow-scripts” permission, resulting in blocked script execution. Understanding the cause of the error allows for targeted troubleshooting and potentially modifying the sandbox settings or script usage to resolve the issue.


Troubleshooting with the Lightrun Developer Observability Platform

Getting a sense of what’s actually happening inside a live application is a frustrating experience, one that relies mostly on querying and observing whatever logs were written during development.
Lightrun is a Developer Observability Platform, allowing developers to add telemetry to live applications in real-time, on-demand, and right from the IDE.

  • Instantly add logs to, set metrics in, and take snapshots of live applications
  • Insights delivered straight to your IDE or CLI
  • Works where you do: dev, QA, staging, CI/CD, and production

Start for free today

Problem solution for: “…document’s frame is sandboxed and the ‘allow-scripts’ permission is not set”

To solve the problem of blocked script execution in the sandboxed frame of CSScritics, you need to ensure that the necessary permissions are set for script execution within the <iframe>. Specifically, the “allow-scripts” permission needs to be included in the sandbox attribute of the <iframe> element.

Here’s an example of how to modify the sandbox attribute to include the “allow-scripts” permission:


<iframe src="http://solar-druid.codio.io/tests/csscritic.html" sandbox="allow-scripts"></iframe>


By adding “allow-scripts” to the sandbox attribute, you explicitly grant permission for scripts to run within the <iframe>. This should resolve the issue of blocked script execution in the sandboxed frame.

It’s important to note that modifying the sandbox settings should be done with caution, as it can have security implications. Make sure to consider the potential risks and only enable permissions that are necessary for your specific use case.


Other popular problems with rasterizeHTML.js

  1. Issue: Blocked script execution in a sandboxed frame Problem Description: One common problem with rasterizeHTML.js is the blocked script execution in a sandboxed frame. This occurs when an <iframe> element with the sandbox attribute is attempting to run JavaScript without the “allow-scripts” permission set. As a result, the script execution is blocked, and an error message is displayed. This issue can prevent certain functionalities or operations from working as expected.

Solution: To address this problem, you need to modify the sandbox attribute of the <iframe> element to include the “allow-scripts” permission. By explicitly granting script execution permission, the JavaScript code within the sandboxed frame will be allowed to run. Here’s an example of how to modify the sandbox attribute:


<iframe src="http://example.com" sandbox="allow-scripts"></iframe>


By including “allow-scripts” in the sandbox attribute, you enable the execution of scripts within the sandboxed frame, resolving the blocked script execution issue.

  1. Issue: Performance and Rendering Efficiency Problem Description: Another common challenge with rasterizeHTML.js is related to performance and rendering efficiency. When rendering complex or large HTML documents, the library may encounter performance issues, resulting in slower rendering times and increased memory usage. This can be problematic, particularly when dealing with extensive or dynamically generated HTML content.

Solution: To optimize the performance and rendering efficiency of rasterizeHTML.js, consider the following strategies:

  • Simplify and optimize the HTML structure: If possible, simplify the HTML structure by removing unnecessary elements, reducing nested levels, and optimizing CSS selectors. This can help improve rendering performance.
  • Implement caching mechanisms: Utilize caching mechanisms to store previously rendered HTML content and avoid unnecessary re-rendering. This can be achieved using browser caching or server-side caching techniques.
  • Break large documents into smaller parts: If dealing with large HTML documents, consider breaking them into smaller parts and rendering them incrementally. This can help distribute the rendering workload and improve overall performance.
  1. Issue: Cross-Origin Resource Sharing (CORS) Restrictions Problem Description: RasterizeHTML.js may encounter issues with Cross-Origin Resource Sharing (CORS) restrictions when attempting to render HTML content from different domains. CORS is a security mechanism implemented by browsers to restrict access to resources across different origins. If the HTML content being rendered by rasterizeHTML.js is hosted on a different domain, CORS restrictions can prevent the rendering process.

Solution: To overcome CORS restrictions, you have a few options:

  • Configure CORS headers on the server: If you have control over the server hosting the HTML content, ensure that it includes the appropriate CORS headers to allow cross-origin requests. This typically involves setting the “Access-Control-Allow-Origin” header to specify the allowed domains.
  • Proxy the HTML content: Instead of directly rendering HTML content from a different domain, you can set up a server-side proxy that fetches the content from the remote domain and serves it from your own domain. This way, the content is considered same-origin, and CORS restrictions are bypassed.
  • Embed the HTML content within the same domain: If feasible, consider hosting the HTML content within the same domain as the rasterizeHTML.js script. This ensures that the content is considered same-origin, eliminating CORS restrictions.


A brief introduction to rasterizeHTML.js

RasterizeHTML.js is a powerful JavaScript library that enables the rendering of HTML content into various formats, such as images or PDF files. It provides a convenient solution for generating static snapshots or representations of HTML documents programmatically. By utilizing the underlying browser rendering engine, rasterizeHTML.js accurately captures the visual appearance of the HTML content, including the styling, layout, and graphical elements.

One of the key features of rasterizeHTML.js is its ability to handle complex HTML structures and dynamically generated content. The library supports rendering of HTML documents that contain CSS styles, JavaScript interactivity, and embedded resources like images or fonts. It ensures fidelity in the rendering process, allowing developers to create pixel-perfect representations of HTML content. With rasterizeHTML.js, developers can leverage the power of browser rendering capabilities in server-side applications or headless environments, enabling tasks such as generating PDF reports, capturing website screenshots, or producing static images of web pages.

Furthermore, rasterizeHTML.js provides a flexible and customizable API for controlling the rendering process. Developers can specify options such as the desired output format, image dimensions, scaling, or background color. The library also supports event handling, allowing the execution of custom JavaScript code before or after rendering, enabling further customization and integration with other workflows. With its comprehensive functionality and ease of use, rasterizeHTML.js empowers developers to seamlessly incorporate HTML rendering capabilities into their applications, enhancing the versatility and visual representation of their content.

Most popular use cases for rasterizeHTML.js


  1. Generating Static Images: RasterizeHTML.js can be used to generate static images of HTML content, allowing developers to capture the visual representation of web pages or specific HTML elements. By specifying the desired dimensions and format, developers can utilize the library to create image snapshots of HTML documents programmatically. Here’s an example code snippet demonstrating how to generate an image using rasterizeHTML.js:


const rasterizeHTML = require('rasterizehtml');

const htmlContent = '<div><h1>Hello, world!</h1><p>This is a sample HTML content.</p></div>';
const imageOptions = {
  width: 800,
  height: 600,
  format: 'png',

rasterizeHTML.drawHTML(htmlContent, imageOptions)
  .then((imageData) => {
    // Use the generated image data
    console.log('Image data:', imageData);
  .catch((error) => {
    // Handle any errors
    console.error('Error generating image:', error);


  1. Creating PDF Documents: RasterizeHTML.js enables the generation of PDF documents from HTML content. It can convert HTML elements or entire web pages into PDF format, preserving the layout, styling, and graphical elements. This functionality is useful for generating printable reports, exporting web content as PDFs, or creating document snapshots. By specifying PDF-specific options, developers can control aspects such as page size, margins, and orientation. Here’s an example code snippet illustrating how to generate a PDF using rasterizeHTML.js:


const rasterizeHTML = require('rasterizehtml');

const htmlContent = '<div><h1>Hello, world!</h1><p>This is a sample HTML content.</p></div>';
const pdfOptions = {
  format: 'Letter',
  margin: '1cm',

rasterizeHTML.drawHTML(htmlContent, pdfOptions, 'output.pdf')
  .then(() => {
    // PDF generation completed
    console.log('PDF generated successfully.');
  .catch((error) => {
    // Handle any errors
    console.error('Error generating PDF:', error);


  1. Headless Browser Automation: RasterizeHTML.js can be utilized for headless browser automation tasks. By leveraging its HTML rendering capabilities, developers can programmatically interact with web pages, extract information, perform DOM manipulations, and capture rendered content. This enables various use cases, such as web scraping, web testing, or generating dynamic content snapshots. With its ability to execute JavaScript and handle complex HTML structures, rasterizeHTML.js provides a powerful tool for simulating browser behavior in headless environments.



It’s Really not that Complicated.

You can actually understand what’s going on inside your live applications. It’s a registration form away.

Get Lightrun

Lets Talk!

Looking for more information about Lightrun and debugging?
We’d love to hear from you!
Drop us a line and we’ll get back to you shortly.

By submitting this form, I agree to Lightrun’s Privacy Policy and Terms of Use.