From fef4b97a03cc0cffcff359fc8fae6f5922bdb095 Mon Sep 17 00:00:00 2001
From: Kovid Goyal <kovid@kovidgoyal.net>
Date: Fri, 1 Sep 2023 18:55:55 +0530
Subject: [PATCH] E-book viewer/Content server: Disallow browser native context
 menu when right clicking in sandboxed iframes. Fixes #2033530 [E-book viewer:
 right-clicking in book metadata view opens a context
 menu](https://bugs.launchpad.net/calibre/+bug/2033530)

---
 src/pyj/utils.pyj | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/pyj/utils.pyj b/src/pyj/utils.pyj
index df5a9dc74c..ccaebbac8c 100644
--- a/src/pyj/utils.pyj
+++ b/src/pyj/utils.pyj
@@ -240,6 +240,9 @@ def sandboxed_html(html, style, sandbox):
     css = 'html, body { margin: 0; padding: 0; font-family: __FONT__ } p:first-child { margin-top: 0; padding-top: 0; -webkit-margin-before: 0 }'.replace('__FONT__', get_font_family())
     css += style or ''
     final_html = f'<!DOCTYPE html><html><head><style>{css}</style></head><body>{html}</body></html>'
-    # Microsoft Edge does not support srcdoc not does it work using a data URI.
+    # prevent context menu on right click in iframe
+    ans.addEventListener('load', def(ev):
+        ev.target.contentWindow.addEventListener('contextmenu', def(e): e.preventDefault();)
+    )
     ans.srcdoc = final_html
     return ans