HTML Standard attribute: sandbox
[this page | pdf | back links]
The HTML sandbox attribute indicates extra
restrictions applied to the content of an <iframe>
element. The sorts of additional restrictions that can be imposed include:
-
Deeming the content to come from a unique origin
-
Blocking form submission, script execution or execution of APIs
-
Preventing some sorts of links
-
Preventing content from using plug-ins (e.g. from <embed> or <object>
elements)
-
Blocking some automatically triggered features (such as automatically
playing a <video>
element)
Valid attribute
values (when used with <iframe>
elements) include either sandbox
(which results in all restrictions being applied) or a space delimited list of
values that exclude specific restrictions. These values are:
Value
|
Description
|
allow-forms
|
Form submission enabled
|
allow-pointer-lock
|
APIs allowed
|
allow-popups
|
Popups allowed
|
allow-same-origin
|
<iframe>
content allowed to be treated as being from same origin as main document
|
allow-scripts
|
Scripts allowed
|
allow-top-navigation
|
<iframe>
content allowed to navigate to its top-level browsing context
|
sandbox (i.e. no value)
|
All restrictions
applied
|
NAVIGATION LINKS
Contents | Prev | Next | HTML Attributes