The sandbox attribute on a <iframe> tag adds different restrictions to the content of the iframe.
These restrictions improve security, but they also restrict the iframe content‘s functionality.
A sandbox attribute on a <iframe> element.
The attribute prevents JavaScript from executing. Without sandbox an alert box would display.
<iframe srcdoc="<script>alert('Script is disabled!')</script>"
height="30" sandbox>
</iframe>
The sandbox attribute adds a group of restriction to the <iframe> element's content, like so:
Certain sandbox restrictions can be lifted with one or more attribute values (see below).
<iframe sandbox="allow-forms | allow-modals |
allow-orientation-lock | allow-pointer-lock |
allow-popups | allow-popups-to-escape-sandbox |
allow-presentation | allow-same-origin | allow-scripts |
allow-top-navigation | allow-top-navigation-by-user-activation" />
Note: These sandbox values remove certain restrictions. If not specified, all restrictions will be applied.
To remove all restrictions the sandbox attribute itself should be removed.
| Value | Description |
|---|---|
| empty or no value set | Implements all restrictions. |
| allow-forms | Allows form to be submitted. |
| allow-modals | Allows opening of modals. |
| allow-orientation-lock | Allows screen orientation to be locked. |
| allow-pointer-lock | Allows pointer lock API. |
| allow-popups | Allow popups. |
| allow-popups-to-escape-sandbox | Allow popup to open in new tab or window. |
| allow-presentation | Allow a presentation to be started. |
| allow-same-origin | Allows frame content to be treated as same origin. |
| allow-scripts | Enables script to execute. |
| allow-top-navigation | Allows frame content to navigate on the frame's page. |
| allow-top-navigation-by-user-activation | Allows content to be opened in new tab or window -- if allowed by the user. |
Here is when sandbox support started for each browser:
 Chrome
|
4.0 | Jan 2010 |
 Firefox
|
17.0 | Nov 2012 |
 IE/Edge
|
10.0 | Sep 2012 |
 Opera
|
15.0 | May 2013 |
 Safari
|
5.0 | Jun 2010 |
