An <iframe> with extra restrictions:
More "Try it Yourself" examples below.
The sandbox attribute enables an extra set of restrictions for the content in the iframe.
When the sandbox attribute is present, and it will:
The value of the sandbox attribute can either be just sandbox (then all restrictions are applied), or a space-separated list of pre-defined values that will REMOVE the particular restrictions.
The numbers in the table specify the first browser version that fully supports the attribute.
Attribute | |||||
---|---|---|---|---|---|
sandbox | 4.0 | 10.0 | 17.0 | 5.0 | 15.0 |
The sandbox attribute is new in HTML5.
Value | Description |
---|---|
(no value) | Applies all restrictions |
allow-forms | Re-enables form submission |
allow-pointer-lock | Re-enables APIs |
allow-popups | Re-enables popups |
allow-same-origin | Allows the iframe content to be treated as being from the same origin |
allow-scripts | Re-enables scripts |
allow-top-navigation | Allows the iframe content to navigate its top-level browsing context |
An <iframe> sandbox allowing form submission:
An <iframe> sandbox allowing scripts and access to server content: