HTML <iframe> sandbox Attribute

The sandbox attribute on an <iframe> tag applies a set of restrictions to the content of the iframe.

These restrictions improve security, but they also limit the iframe content's functionality.



A sandbox attribute on an <iframe> element. The attribute prevents JavaScript from executing. Without sandbox, an alert box would display.

<iframe srcdoc="<script>alert('Script is disabled!')</script>"
        height="30" sandbox></iframe>

Using sandbox

The sandbox attribute adds a group of restrictions to the <iframe> element's content. It:

  • prevents form submission
  • disables all scripts
  • disables APIs
  • treats the content as if it comes from a unique origin
  • prevents links from targeting a new tab or window
  • prevents the content from navigating the iframe's page
  • disables automatically triggered events (e.g. playing video or audio, focusing elements on load)

Certain sandbox restrictions can be lifted by listing one or more of the attribute values below, separated by spaces.


<iframe sandbox="allow-forms | allow-modals | 
     allow-orientation-lock | allow-pointer-lock | 
     allow-popups | allow-popups-to-escape-sandbox |
     allow-presentation | allow-same-origin | allow-scripts |
     allow-top-navigation | allow-top-navigation-by-user-activation"></iframe>

Note: These sandbox values remove certain restrictions. If no value is specified, all restrictions are applied. To remove all restrictions, remove the sandbox attribute itself.



| Value | Description |
|---|---|
| empty or no value set | Applies all restrictions. |
| allow-forms | Allows forms to be submitted. |
| allow-modals | Allows modals to be opened. |
| allow-orientation-lock | Allows the screen orientation to be locked. |
| allow-pointer-lock | Allows use of the Pointer Lock API. |
| allow-popups | Allows popups. |
| allow-popups-to-escape-sandbox | Allows popups to open in a new tab or window. |
| allow-presentation | Allows a presentation to be started. |
| allow-same-origin | Allows frame content to be treated as same origin. |
| allow-scripts | Allows scripts to execute. |
| allow-top-navigation | Allows frame content to navigate the frame's page. |
| allow-top-navigation-by-user-activation | Allows content to be opened in a new tab or window, if allowed by the user. |
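
An added example, not code from the original page: a JavaScript check that reads a sandbox value as the Note above describes (attribute absent, empty value, or a list of tokens) and flags tokens outside this page's value list as well as the allow-scripts plus allow-same-origin pairing. The function name, the finding labels and the sample values are assumptions constructed for illustration.

```javascript
// Added example (not from the original page): audit a sandbox attribute value.
// PAGE_TOKENS is the value list from this page; auditSandbox is a hypothetical helper.
const PAGE_TOKENS = new Set([
  "allow-forms", "allow-modals", "allow-orientation-lock", "allow-pointer-lock",
  "allow-popups", "allow-popups-to-escape-sandbox", "allow-presentation",
  "allow-same-origin", "allow-scripts", "allow-top-navigation",
  "allow-top-navigation-by-user-activation",
]);

// value: the attribute's string value, or null when the attribute is absent.
function auditSandbox(value) {
  if (value === null || value === undefined) {
    // No sandbox attribute at all: none of the restrictions apply.
    return { sandboxed: false, lifted: [], unrecognized: [], findings: ["not-sandboxed"] };
  }
  // Tokens are split on ASCII whitespace and matched case-insensitively.
  const tokens = [...new Set(value.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean))];
  const lifted = tokens.filter((t) => PAGE_TOKENS.has(t));
  const unrecognized = tokens.filter((t) => !PAGE_TOKENS.has(t));
  const findings = [];
  // A misspelled or stray token (such as a literal "|") lifts nothing,
  // so the restriction the author meant to remove stays in force.
  if (unrecognized.length > 0) findings.push("unrecognized-token");
  // When the framed document shares the embedder's origin, script running in it
  // can remove the sandbox attribute from its own frame.
  if (lifted.includes("allow-scripts") && lifted.includes("allow-same-origin")) {
    findings.push("scripts-with-same-origin");
  }
  return { sandboxed: true, lifted, unrecognized, findings };
}

// Constructed sample values, not taken from any real site.
const SAMPLES = [
  null,
  "",
  "allow-forms | allow-scripts",
  "Allow-Scripts allow-same-origin",
  "allow-script",
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", JSON.stringify(auditSandbox(s)));
}
```

A value that yields no lifted tokens keeps every restriction in place, which is also the result of a misspelled token such as allow-script.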

Browser support

Here is when sandbox support started for each browser:

4.0 Jan 2010
17.0 Nov 2012
10.0 Sep 2012
15.0 May 2013
5.0 Jun 2010


Last updated on Sep 30, 2023