iframe[sandbox] attribute

Misc

Method of running external site pages with reduced privileges (i.e. no JavaScript) in iframes (<iframe sandbox="allow-same-origin allow-forms" src="..."></iframe>)

Documentation

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-sandbox

Specification

Established standard

Status in Chromium

Blink components: Blink

Enabled by default in:

Chrome for desktop release 19
Opera release 15
Opera for Android release 15

Consensus & Standardization

Firefox: Shipped
Edge: Mixed public signals
Safari: Shipped
Web Developers: Strongly positive

Owner

abarth@chromium.org

Last updated on 2017-06-14