The sandbox attribute enables a set of additional restrictions for the content within an iframe.
An <iframe> with additional restrictions:
```html
<!DOCTYPE html>
<html>
<head>
<title>HTML:<iframe> sandbox attribute - Basic Tutorial Website oldtoolbag.com</title>
</head>
<body>
<!-- Empty sandbox attribute: every restriction applies, so scripts in the frame do not run -->
<iframe src="demo-iframe-sandbox.html" sandbox>
  <p>Your browser does not support iframes.</p>
</iframe>
<p>The 'Get Date and Time' button will run scripts within the inline frame.</p>
<p>Due to the sandbox attribute being set, inline frame content is not allowed to run scripts.</p>
<p>You can add 'allow-scripts' in the sandbox attribute to allow JavaScript to run.</p>
</body>
</html>
```
Internet Explorer 10, Firefox, Chrome, and Safari support the sandbox attribute.
Note: Opera, and Internet Explorer 9 and earlier versions, do not support the sandbox attribute.
The sandbox attribute enables a set of additional restrictions for the content within iframes.
When the sandbox attribute is present, it will:
Treat the content as coming from a unique origin
Block form submission
Block script execution
Disable APIs
Prevent links from targeting other browsing contexts
Prevent content from using plugins (through <embed>, <object>, <applet>, or others)
Prevent content from navigating its top-level browsing context
Block automatically triggered features (such as automatic video playback or automatic focus on form controls)
The value of the sandbox attribute can be just sandbox (applying all restrictions), or a space-separated list of predefined values, each of which removes a specific restriction.
The sandbox attribute is new in HTML5.
<iframe sandbox="value">
Value | Description |
---|---|
"" | Applies all restrictions |
allow-same-origin | Allows the content to be treated as coming from its normal origin. If this keyword is not used, the embedded content is treated as coming from a separate, unique origin. |
allow-top-navigation | Allows the embedded page to navigate (load content into) the top-level browsing context. If this keyword is not used, this operation is not available. |
allow-forms | Allow form submission. |
allow-scripts | Allow script execution. |
An <iframe> sandbox that allows form submission.
Enable a series of additional restrictions but allow form submission.
An <iframe> sandbox that allows scripts and access to server content.
Enable a series of additional restrictions but allow scripts and access to server content.
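An added example, not part of the original tutorial: a small audit that reads the sandbox value of each <iframe> in a piece of markup, reports which restrictions from the table above are lifted, and warns about the risky combinations. The names auditSandbox and auditMarkup, the result shape, and the sample markup are assumptions made for this illustration.

```javascript
// The four keywords listed in the table above.
const TABLE_TOKENS = new Set([
  "allow-same-origin", "allow-top-navigation", "allow-forms", "allow-scripts",
]);

// value: null when the attribute is absent, otherwise the raw attribute string.
function auditSandbox(value) {
  if (value === null || value === undefined) {
    return { sandboxed: false, lifted: [], notInTable: [],
             warnings: ["no sandbox attribute: no restrictions are applied"] };
  }
  // Keywords are whitespace-separated and matched case-insensitively.
  const tokens = [...new Set(value.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean))];
  const lifted = tokens.filter((t) => TABLE_TOKENS.has(t));
  const notInTable = tokens.filter((t) => !TABLE_TOKENS.has(t));
  const warnings = [];
  if (lifted.includes("allow-scripts") && lifted.includes("allow-same-origin")) {
    warnings.push("allow-scripts with allow-same-origin: if the framed page is served " +
      "from the embedding page's own origin, its script can remove the sandbox attribute");
  }
  if (lifted.includes("allow-top-navigation")) {
    warnings.push("allow-top-navigation: framed content can replace the embedding page");
  }
  return { sandboxed: true, lifted, notInTable, warnings };
}

// Collect sandbox values from iframe tags (simple pattern, not a full HTML parser).
function auditMarkup(html) {
  const attr = /\ssandbox(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?(?=[\s>\/])/i;
  const results = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const m = tag.match(attr);
    results.push({ tag, ...auditSandbox(m ? (m[1] ?? m[2] ?? m[3] ?? "") : null) });
  }
  return results;
}

// Constructed sample markup; only demo-iframe-sandbox.html comes from the page.
const SAMPLE = `
<iframe src="demo-iframe-sandbox.html" sandbox></iframe>
<iframe src="form.html" sandbox="allow-forms"></iframe>
<iframe src="widget.html" sandbox="allow-same-origin allow-scripts"></iframe>
<iframe src="plain.html"></iframe>`;

for (const r of auditMarkup(SAMPLE)) console.log(r.tag, "->", r.lifted, r.warnings);
```

Keywords outside the four in the table are reported under notInTable rather than rejected, since this page does not describe them.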