HTML sandbox Attribute
Your browser does not support iframe element.
Applies extra restrictions to the content in the <iframe>. The value of the attribute can either be empty to apply all restrictions, or space-separated tokens to lift particular restrictions.
<iframe> attribute constrains the abilities of any iframed content.
It may contain a space-separated list of exceptions on included iframe content.
Currently supported values include allow-same-origin, allow-scripts, and allow-forms.
By default, the included content will be highly restricted, but each allow value will extend the sandbox to allow the included content to talk to its origin domain allow-same-origin, invoke scripting allow-scripts, or post forms allow-forms.
The sandbox attribute can be used on the following element:
|Applies all restrictions
|Allows for downloads to occur without a gesture from the user.
|Allows for downloads to occur with a gesture from the user.
|Allows form resource to submission.
|Allows to open modal windows.
|Allows to lock the screen orientation.
|Allows to use the Pointer Lock API.
|Allows popups (such as window.open(), target="_blank", or showModalDialog()).
|Allows popups to open new windows without inheriting the sandboxing.
|Allows to start a presentation session
|Allows resources to run scripts
|Allows the resource request access to the parent's storage capabilities with the Storage Access API.
|Allows the iframe content to navigate its top-level browsing context(window).
|Allows the iframe content to navigate its top-level browsing context, but only if initiated by user