Enable pop-ups in app iframes (#6002)

* Enable pop-ups in app iframes

Added 'allow-popups' to iframe sandbox permissions, enabling apps to use native links with target="_blank" instead of relying solely on AppBridge actions. Links should still use rel="noreferrer" for security.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Clarify App iframe pop-up functionality

Updated the documentation to clarify that App iframes now allow pop-ups, enabling native links to open in new tabs.

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: 3 people

.changeset/all-nights-peel.md

@@ -0,0 +1,5 @@
+---
+"saleor-dashboard": patch
+---
+
+App <iframe>s now enable pop-ups (`"allow-popups"`) which means App can use native links to open new tab, instead using AppBridge action. In the nutshell `<a target="_blank"` is now working. It's still recommended to use `rel="noreferrer"` due to security reasons.

src/extensions/views/ViewManifestExtension/components/AppFrame/AppIFrame.tsx

@@ -41,7 +41,7 @@ const _AppIFrame = forwardRef<HTMLIFrameElement, AppIFrameProps>(
         onLoad={onLoad}
         onError={onError}
         className={className}
-        sandbox="allow-same-origin allow-forms allow-scripts allow-downloads"
+        sandbox="allow-same-origin allow-forms allow-scripts allow-downloads allow-popups"
       />
     );
   },