Open In App

HTML | <iframe> sandbox Attribute

Last Updated : 26 Mar, 2024
Improve
Improve
Like Article
Like
Save
Share
Report

The HTML <iframe> tag’s sandbox attribute restricts the behavior of the embedded content for added security. It allows or disallows specific capabilities such as form submission and scripting within the iframe.

When the sandbox attribute exists, it will: 

  • treat the content as being from a singular origin
  • It blocks form submission
  • It blocks script execution
  • It disables APIs
  • It also prevents links from targeting other browsing contexts
  • It stops the content from navigating its top-level browsing context
  • block automatically triggered features (such as automatically playing a video or automatically focusing a form control)

The value of the sandbox attribute will either be simply sandboxed (then all restrictions are applied) or a space-separated list of pre-defined values that will take away the actual restrictions.

Syntax:  

<iframe sandbox="value">

Attribute Values :

AttributeDescription
no-valuesApplies all restrictions, effectively disabling most capabilities of the embedded content.
allow-formsRe-enables form submission within the iframe.
allow-pointer-lockRe-enables pointer lock APIs within the iframe.
allow-popupsRe-enables popups within the iframe.
allow-same-originAllows the content of the iframe to be treated as being from the same origin as the parent page.
allow-scriptsRe-enables scripts within the iframe.
allow-top-navigationAllows the content of the iframe to navigate its top-level browsing context.

Example: In this example we displays GeeksforGeeks heading, iframe with sandbox attribute, and source set to GeeksforGeeks IDE. Basic structure without sandbox attribute values.

html 
<!DOCTYPE html>
<html>
    <head>
        <title>
            HTML Iframe sandbox Attribute
        </title>
    </head>

    <body>
        <h1>GeeksforGeeks</h1>

        <h2>HTML IFrame sandbox Attribute</h2>

        <br />
        <br />

        <iframe
            id="GFGFrame"
            src="https://ide.geeksforgeeks.org/tryit.php"
            width="400"
            height="200"
            sandbox
        >
        </iframe>
    </body>
</html>

Output: 


Supported Browsers:The browsers supported by HTML IFrame sandbox Attribute are listed below 


Like Article
Suggest improvement
Previous
HTML | kind Attribute
Next
PHP | utf8_encode() Function
Share your thoughts in the comments

Similar Reads

HTML | DOM IFrame sandbox Property
HTML | sandbox Attribute
How to load a hyperlink from one iframe to another iframe ?
How to check if an iframe is present in another iframe in JavaScript ?
Sandbox Security Model
HTML | <iframe> width Attribute
HTML | <iframe> height Attribute
HTML | <iframe> src Attribute
HTML | <iframe> name Attribute
HTML | <iframe> marginwidth Attribute

S
shubham_singh
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox