'allow-top-navigation-by-user-activation' <iframe sandbox> keyword

Feature: 'allow-top-navigation-by-user-activation' <iframe sandbox> keyword

Adds a new keyword named "allow-top-navigation-by-user-activation" for iframe sandbox, which requires a user activation (or gesture) being processed to trigger a top-level navigation. This change would enable more use cases of sandboxing untrusted third-party contents (eg., ads) by allowing top navigation while blocking malicious auto-redirecting, and thus help building a safer internet (eg., a safer ads ecosystem in which all ads could be sandboxed to prevent unexpected malicious behaviors like

Demo

http://w3c-test.org/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation-manual.html

Documentation

Specification

Established standard

Status in Chromium

Blink components: Blink

Enabled by default (tracking bug) in:

Chrome for desktop release 58
Chrome for Android release 58
Android WebView release 58

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: In development
Edge: Positive
Safari: Shipped/Shipping
Web Developers: Positive

Owners

Search tags

iframe, sandbox, navigation,

Last updated on 2020-11-09