The sandbox Attribute in <iframe>
The sandbox attribute in the <iframe> element adds an extra layer of security by imposing restrictions on the content inside the iframe. It essentially creates a “sandboxed” environment where the embedded page has limited capabilities.
When present, it disables scripts, forms, and many default behaviors unless explicitly allowed.
You can selectively lift restrictions using space-separated values such as:
allow-scripts – permits JavaScript execution.
allow-forms – allows form submission.
allow-same-origin – allows the iframe to be treated as from the same origin (important for cookies and storage).
allow-popups – permits opening new windows or tabs.
Without any values, the iframe is heavily restricted by default.
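A review check for the values listed above, as an added example that is not part of the original page: it parses a sandbox attribute the way browsers tokenize it and reports what is actually lifted. The function name auditSandbox, the finding texts and the sample values are constructed for illustration; the token list includes real tokens beyond the four named here.

```javascript
// Added example: audit the value of an <iframe sandbox="..."> attribute.
// Tokens browsers recognise; the first four are the ones discussed above.
const KNOWN_TOKENS = new Set([
  "allow-scripts", "allow-forms", "allow-same-origin", "allow-popups",
  "allow-popups-to-escape-sandbox", "allow-modals", "allow-downloads",
  "allow-top-navigation", "allow-top-navigation-by-user-activation",
  "allow-pointer-lock", "allow-orientation-lock", "allow-presentation",
]);

// value: the attribute string, or null when the attribute is absent.
function auditSandbox(value) {
  if (value === null || value === undefined) {
    return { sandboxed: false, allowed: [], ignored: [],
             findings: ["no sandbox attribute: content is not sandboxed"] };
  }
  // Tokens are split on ASCII whitespace and matched case-insensitively.
  const tokens = [...new Set(
    value.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean))];
  const allowed = tokens.filter((t) => KNOWN_TOKENS.has(t));
  const ignored = tokens.filter((t) => !KNOWN_TOKENS.has(t));
  const findings = [];
  if (ignored.length > 0) {
    // A misspelled token lifts nothing, so the frame is stricter than intended.
    findings.push("unrecognised tokens lift nothing: " + ignored.join(", "));
  }
  if (allowed.includes("allow-scripts") && allowed.includes("allow-same-origin")) {
    // With both set, a document served from the embedder's own origin can
    // script the parent page and remove the sandbox attribute.
    findings.push("allow-scripts + allow-same-origin: a same-origin document " +
                  "can remove its own sandbox");
  }
  return { sandboxed: true, allowed, ignored, findings };
}

// Constructed sample attribute values (not from the original page).
const SAMPLES = [null, "", "allow-forms allow-popups",
                 "Allow-Scripts  allow-same-origin", "allow-script"];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), JSON.stringify(auditSandbox(s)));
}
```

An empty string is the fully restricted case, while a missing attribute means no sandbox at all, so the two are reported differently.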
In short: The sandbox attribute restricts the embedded content’s capabilities to prevent potential security risks. You can lift restrictions selectively with its allowed values.