How we built it

iframe[sandbox] attribute

Method of running external site pages with reduced privileges (i.e. no JavaScript) in iframes (<iframe sandbox="allow-same-origin allow-forms" src="..."></iframe>)

Documentation

Specification

Established standard

Status in Chromium

Enabled by default in:

  • Chrome for desktop release 19
  • Opera release 15
  • Opera for Android release 15

Consensus & Standardization

Owner

Last updated on 2016-07-14