HTML iframe sandbox attribute
Examples
With additional restrictions <iframe>:
try it"
(For more examples, see the bottom of the page)
Browser Support
Internet Explorer 10, Firefox, Chrome and Safari support the sandbox attribute.
Note: 9 and earlier versions of Opera and Internet Explorer does not support the sandbox attribute.
Definition and Usage
If you specify an empty string (sandbox = ""), which attributes presented in the framework of the contents of the iframe enabled some additional restrictions.
Sandbox attribute value can be either an empty string (will enable all the restrictions), it can be space-separated list of specified strings.
HTML 5 by lifting iFrame security sandbox attribute. sandbox attribute can prevent mistrust Web page to perform certain operations.
HTML 5 specification editor Ian Hickson spoke about the benefits of sandbox, which can prevent the following actions:
- Access parent page DOM (from a technical point of view, this is because relative to the parent page iframe has become a different source)
- Execute scripts
- Embed own form, or manipulate forms via a script
- Read and write cookie, local storage or local SQL databases
Differences between HTML 4.01 and HTML5
sandbox attribute is new in HTML5 attributes.
grammar
Property Value
| 值 | 描述 |
|---|---|
| "" | 启用所有限制条件 |
| allow-same-origin | 允许将内容作为普通来源对待。如果未使用该关键字,嵌入的内容将被视为一个独立的源。 |
| allow-top-navigation | 嵌入的页面的上下文可以导航(加载)内容到顶级的浏览上下文环境(browsing context)。如果未使用该关键字,这个操作将不可用。 |
| allow-forms | 允许表单提交。 |
| allow-scripts | 允许脚本执行。 |
More examples
Allow a form submission <iframe> sandbox
Enabling a series of additional restrictions, but allow form submission.
Allow a script to access the server and the content of <iframe> sandbox
Enabling a series of additional restrictions, but allows scripts to access the server and content.
HTML <iframe> tag