iframe[sandbox] attribute

Misc

Method of running external site pages with reduced privileges (i.e. no JavaScript) in iframes (<iframe sandbox="allow-same-origin allow-forms" src="..."></iframe>)

Documentation

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-sandbox

Specification

Established standard

Status in Chromium

Blink components: Blink

Enabled by default in:

Chrome for desktop release 19
Opera release 15
Opera for Android release 15

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: Shipped
Edge: Shipped
Safari: Shipped
Web Developers: Strongly positive

Owner

abarth@chromium.org

Last updated on 2018-04-25