About this episode
The episode discusses a recent Google Chrome update that affected CodePen embeds, leading to JavaScript errors and the subsequent resolution of the issue.
There was a day not long ago where a Google Chrome browser update left any page with a CodePen Embed on it throwing a whole big pile of red JavaScript errors in the console. Not ideal, obviously. The change was related to how the browser handles allow attributes on iframes (i.e. <iframe allow="...">). CodePen was calculating the appropriate values inside an iframe for a nested iframe. That must have been a security issue of sorts, as now those values need to be present on the outside iframe as well. We documented all this in a blog post so hopefully we could get some attention from Chrome on this, and for other browser makers as well since it affects all of us. And I posted it on the ol' social media: Huge thanks to Bramus Van Damme who saw this, triaged it at Chrome, and had a resolution within a day: I think the patch is a great change so hats off to everyone involved for getting it done so quickly. It's already in Canary and don't really know when it'll get the stable but that sure will be good. It follows how Safari is doing things where values that aren't understood are just ignored (which we think is fine and inline with how HTML normally works). Fortunately we were…
Topics covered
- iframe
- JavaScript errors
- browser updates
- security
- CodePen embeds
- web development
Keywords
- iframe allow attribute
- CodePen
- JavaScript errors
- Chrome update
- web security
- browser compatibility
Mentioned in this episode
Organizations: Google Chrome, CodePen, Safari
More episodes of CodePen Radio
- 428: Billing · June 9, 2026
- 427: Next.js and The Journey of SSR · June 2, 2026
- 426: Browserslist in CodePen 2.0 · May 27, 2026
- 425: Debug Logs · May 12, 2026
- 424: File List Optimization · April 29, 2026
- 423: 2.0 Templates · April 22, 2026
Explore listener stats, chart rankings, contacts and more on the CodePen Radio podcast page.