🏠 New in Low Baseline Support: Sandboxed iframes

July 29, 2015

caniuse · mdn · [spec]([‘https://html.spec.whatwg.org/multipage/iframe-embed-object.html#attr-iframe-sandbox’, ‘https://privacycg.github.io/storage-access/#sandboxing-storage-access’])

The sandbox attribute for the <iframe> HTML element sets many security restrictions on the iframe, such as preventing form submissions or opening modal dialogs. Optional allow- values relax specific restrictions.

Source features

• api.HTMLIFrameElement.sandbox [mdn]
• html.elements.iframe.sandbox [mdn]
• html.elements.iframe.sandbox.allow-popups [mdn]
• html.elements.iframe.sandbox.allow-forms [mdn]
• html.elements.iframe.sandbox.allow-same-origin [mdn]
• html.elements.iframe.sandbox.allow-scripts [mdn]
• html.elements.iframe.sandbox.allow-top-navigation [mdn]
• html.elements.iframe.sandbox.allow-modals [mdn]
• html.elements.iframe.sandbox.allow-popups-to-escape-sandbox [mdn]
• html.elements.iframe.sandbox.allow-top-navigation-by-user-activation [mdn]
• html.elements.iframe.sandbox.allow-downloads [mdn]
• html.elements.iframe.sandbox.allow-top-navigation-to-custom-protocols [mdn]