Activating the “Allow Content Browsing” feature in an Artifactory repository allows browsing HTML files as if they were hosted on a web server.
Some users may find out that scripts such as Javascript are not being executed on these HTML pages, resulting in the following message in the browser console:
Blocked script execution in 'http://artifactory:8082/artifactory/example-repo-local/test.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
This behavior is expected, as newer Artifactory versions include a security improvement that runs these HTML pages in a sandboxed environment in order to prevent potential attacks such as XSS or CSRF.
Self-Hosted customers can disable the script execution security enhancement by adding the following system property to ‘artifactory.system.properties ’ and restarting Artifactory: artifactory.repo.browsing.content.security.policy=""
Setting this value to be empty means the "Content-Security-Policy" header is not used by the application, and should mean web browsers will allow these exceptions.
Enabling this option is not available for JFrog Cloud customers.