Adds a new keyword named "allow-top-navigation-by-user-activation" for iframe sandbox, which requires a user activation (or gesture) being processed to trigger a top-level navigation. This change would enable more use cases of sandboxing untrusted third-party contents (eg., ads) by allowing top navigation while blocking malicious auto-redirecting, and thus help building a safer internet (eg., a safer ads ecosystem in which all ads could be sandboxed to prevent malicious auto-redirecting).

Demo

• http://w3c-test.org/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation-manual.html

Documentation

• https://github.com/WICG/interventions/issues/42
• https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe

Specification

Specification link

Status: Final published standard: Recommendation, Living Standard, Candidate Recommendation, or similar final form

Status in Chromium

Blink components: Blink

Implementation status: Enabled by default (tracking bug)

Consensus & Standardization

• Firefox: Shipped/Shipping
• Edge: Positive
• Safari: Shipped/Shipping
• Web Developers: Positive

Owners

• binlu@google.com
• domenic@chromium.org
• emilyschechter@chromium.org
• aemiller@google.com

Search tags

Last updated on 2021-09-17