This functionality was working fine in my application for years, but after the security update, I experience this issue.

I've 100% simplified my  application but the issue remains:

 

I've an HTML page with 2 named frames

htmlpage miframe()

<%{%>    <iframe height='500px' width='100%' frameborder='0' allowTransparency='true' scrolling='auto' src=' https://creator.zohopublic.com/arturoacedo/test-zc56/form-embed/Untitled_Form/4A4x4zVJ9dkj5TaBEsvwgMPvJ6wM3PJKwM1Sk4Yz7yRNS8aAKOYjrQMFmHvBDgtOR1pFVBBf2UXMRhK28jSnrWNdOumdKva5jNvf'></iframe>

<iframe name='ElSegundoMarcoDeArturo' src=' https://app.zohocreator.com/sampleapps/testiframes/page-embed/emptyview' width="1500" height="300"></iframe> 

}%>

In the 1st frame there is a simply stateless form with this script in the button:

MiUrl = " https://www.zoho.com";

    MiFrame = "ElSegundoMarcoDeArturo";

    openUrl(MiUrl + "", "iframe", MiFrame);

This sentence opens MiUrl in a new window. Not in the frame.

Curiously, if I include the openUrl in the HTML page, it works fine:

htmlpage miframe()

<%{%>    <iframe height='500px' width='100%' frameborder='0' allowTransparency='true' scrolling='auto' src=' https://creator.zohopublic.com/arturoacedo/test-zc56/form-embed/Untitled_Form/4A4x4zVJ9dkj5TaBEsvwgMPvJ6wM3PJKwM1Sk4Yz7yRNS8aAKOYjrQMFmHvBDgtOR1pFVBBf2UXMRhK28jSnrWNdOumdKva5jNvf'></iframe>

<iframe name='ElSegundoMarcoDeArturo' src=' https://app.zohocreator.com/sampleapps/testiframes/page-embed/emptyview' width="1500" height="300"></iframe>   

<%MiUrl = " https://www.zoho.com";

MiFrame = "ElSegundoMarcoDeArturo";

openUrl(MiUrl + "", "iframe", MiFrame);

}%>

 

Any idea where is my mistake?