HTML sandbox Attribute

❮ HTML Attributes


<iframe src="demo/demo.html">
	Your browser does not support iframe element.


Applies extra restrictions to the content in the <iframe>. The value of the attribute can either be empty to apply all restrictions, or space-separated tokens to lift particular restrictions.

<iframe> attribute constrains the abilities of any iframed content.

It may contain a space-separated list of exceptions on included iframe content.

Currently supported values include allow-same-origin, allow-scripts, and allow-forms.

By default, the included content will be highly restricted, but each allow value will extend the sandbox to allow the included content to talk to its origin domain allow-same-origin, invoke scripting allow-scripts, or post forms allow-forms.

Standard Syntax

<element sandbox="value">

Browser Support


Applies to:

The sandbox attribute can be used on the following element:

Element Attribute
<iframe> sandbox

Attribute Values

Value Description
no value Applies all restrictions
allow-downloads-without-user-activation Allows for downloads to occur without a gesture from the user.
allow-downloads Allows for downloads to occur with a gesture from the user.
allow-forms Allows form resource to submission.
allow-modals Allows to open modal windows.
allow-orientation-lock Allows to lock the screen orientation.
allow-pointer-lock Allows to use the Pointer Lock API.
allow-popups Allows popups (such as, target="_blank", or showModalDialog()).
allow-popups-to-escape-sandbox Allows popups to open new windows without inheriting the sandboxing.
allow-presentation Allows to start a presentation session
allow-same-origin Allows the iframe content to be treated as being from the same origin (potentially preventing access to data storage/cookies and some JavaScript APIs).
allow-scripts Allows resources to run scripts
allow-storage-access-by-user-activation Allows the resource request access to the parent's storage capabilities with the Storage Access API.
allow-top-navigation Allows the iframe content to navigate its top-level browsing context(window).
allow-top-navigation-by-user-activation Allows the iframe content to navigate its top-level browsing context, but only if initiated by user
❮ HTML Attributes